Acked-by: Gert Doering <g...@greenie.muc.de>

Verified that v2 is indeed the same as v1, without the init options
hunk.  I have stared at the code a bit (looks reasonable) and run the
client side tests (pass).

To test if the compat mode works, I've connected from a client that
was forced with "--tls-version-max 1.0" to be incompatible with TLS 1.2
- connecting to "master with this patch", it fails ("TLS error: 
Unsupported protocol").  Setting "--compat-mode 2.3.0" on the server
makes it negotiate TLS 1.0 -> good, does what it says.

I have adjusted the manpage to document that "1.0" is no longer the
default for --tls-version-min.

Your patch has been applied to the master branch.

commit 968569f83b1561ea4dff5b8b1f0d7768e2a18e69.
Author: Antonio Quartulli
Date:   Mon Sep 13 21:29:29 2021 +0200

     set TLS 1.2 as minimum by default

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Signed-off-by: Antonio Quartulli <a...@unstable.cc>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Message-Id: <20210913192929.26391-...@unstable.cc>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22838.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
