Thanks for that.  This fixes my server test rig, which sets --tls-version-min
to accept connections from very old clients - it will now (still) fail old
clients that can not do TLS 1.2 (namely, OpenVPN 2.2(!) - 2.3 and up are
fine), but it will not fail "everything else" as the current code did.

Your patch has been applied to the master branch.

commit c535fa7afe45937bbc7dda435b2b05e57f7ecd53 (master)
Author: Max Fillinger
Date:   Wed Jul 3 19:41:58 2024 +0200

     mbedtls: Warn if --tls-version-min is too low

     Signed-off-by: Max Fillinger <maximilian.fillin...@foxcrypto.com>
     Acked-by: Arne Schwabe <arne-open...@rfc2549.org>
     Message-Id: <20240703174158.7137-1-g...@greenie.muc.de>
     URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28865.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to