Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix the "default" tls-version-min setting
commit 968569f defined TLS 1.2 as the minimum version if not set by user. But the patch introduced two errors: (i) ssl_flags is overwritten without regard to other options set in the flags (ii) Any tls-version-max set by the user is not taken into account. Makes it impossible to set tls-version-max without also setting tls-version-min along with loss of other bits set in ssl_flags. Fix it. The fix retains the original intent when possible, and tries to use the maximum possible value when it cannot be set to TLS 1.2 without conflicting with user-specified tls-version-max, if any. Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20211015043227.10679-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22939.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
- Loading branch information