On 2017-08-27 13:46, Sebastian Andrzej Siewior wrote:
On 27 August 2017 08:32:06 CEST, Timo Sirainen <t...@iki.fi> wrote:
DEF(SET_STR, ssl_protocols),
DEF(SET_STR, ssl_cert_username_field),
DEF(SET_STR, ssl_crypto_device),
+ DEF(SET_STR, ssl_lowest_version),
Does it really require a new setting? Couldn't it use the existing
ssl_protocols setting?
You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2
which avoids tls1.1. Not saying that it is a good thing to do. Also you set it
to not do sslv2 and sslv3 which then enables tls1.0+.
If you want change its definition to use as a minimal version, be my guest. Or
if you plan to scan the string and match for the lowest version then this could
work, too.
Sebastian
Yes, that was the plan.
Aki
