On 12/10/18 00:06, Arne Schwabe wrote:
> The last version of the patch used the TLS1.2 version
> tls_ctx_restrict_ciphers to set the restrictions for both
> TLS 1.3 and TLS1.2 instead of using tls_ctx_restrict_ciphers_tls13
> for TLS1.3.
>
> Also fix minor style problem while I am touching the function
> ---
> src/openvpn/ssl_openssl.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index 6717ded0..da573cfa 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -2002,15 +2002,16 @@ show_available_tls_ciphers_list(const char
> *cipher_list,
> if (tls13)
> {
> SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
> + tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
Isn't this function only available in OpenSSL 1.1.1 and newer? Or am I
missing a fine detail here?
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
