|
|
|
@ -3580,11 +3580,20 @@ static void
|
|
|
|
|
mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max)
|
|
|
|
|
{
|
|
|
|
|
int v = MBEDTLS_SSL_MINOR_VERSION_3; /* default: TLS v1.2 */
|
|
|
|
|
if (NULL == b) /* default: min TLSv1.2, max TLSv1.2 */
|
|
|
|
|
if (NULL == b) /* default: min TLSv1.2, max TLSv1.3 */
|
|
|
|
|
#ifdef MBEDTLS_SSL_MINOR_VERSION_4
|
|
|
|
|
v = max ? MBEDTLS_SSL_MINOR_VERSION_4 : MBEDTLS_SSL_MINOR_VERSION_3;
|
|
|
|
|
#else
|
|
|
|
|
v = max ? MBEDTLS_SSL_MINOR_VERSION_3 : MBEDTLS_SSL_MINOR_VERSION_3;
|
|
|
|
|
#endif
|
|
|
|
|
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/
|
|
|
|
|
v = max
|
|
|
|
|
? MBEDTLS_SSL_MINOR_VERSION_3 /* TLS v1.2 */
|
|
|
|
|
?
|
|
|
|
|
#ifdef MBEDTLS_SSL_MINOR_VERSION_4
|
|
|
|
|
MBEDTLS_SSL_MINOR_VERSION_4 /* TLS v1.3 */
|
|
|
|
|
#else
|
|
|
|
|
MBEDTLS_SSL_MINOR_VERSION_3 /* TLS v1.2 */
|
|
|
|
|
#endif
|
|
|
|
|
: s->ssl_use_sslv3
|
|
|
|
|
? MBEDTLS_SSL_MINOR_VERSION_0 /* SSL v3.0 */
|
|
|
|
|
: MBEDTLS_SSL_MINOR_VERSION_1; /* TLS v1.0 */
|
|
|
|
@ -3596,6 +3605,10 @@ mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *
|
|
|
|
|
v = MBEDTLS_SSL_MINOR_VERSION_2; /* TLS v1.1 */
|
|
|
|
|
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2")))
|
|
|
|
|
v = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS v1.2 */
|
|
|
|
|
#ifdef MBEDTLS_SSL_MINOR_VERSION_4
|
|
|
|
|
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3")))
|
|
|
|
|
v = MBEDTLS_SSL_MINOR_VERSION_4; /* TLS v1.3 */
|
|
|
|
|
#endif
|
|
|
|
|
else {
|
|
|
|
|
if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3")))
|
|
|
|
|
log_error(srv->errh, __FILE__, __LINE__,
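Review bot: The added `#ifdef MBEDTLS_SSL_MINOR_VERSION_4` guards (the `NULL == b` default, the "None" maximum, and the "TLSv1.3" branch in the second hunk) test only that the version constant exists, not that the linked Mbed TLS was built with TLS 1.3 enabled, so the default maximum may be raised to a protocol the library cannot negotiate. Consider also testing the feature macro, e.g. `#if defined(MBEDTLS_SSL_MINOR_VERSION_4) && defined(MBEDTLS_SSL_PROTO_TLS1_3)`, after confirming which feature macro the targeted Mbed TLS releases expose; how `v` is applied afterwards is outside the hunk. When the constant is defined, the `"TLSv1.3"` test inside the trailing `else {` can no longer match, so it could be wrapped in `#ifndef MBEDTLS_SSL_MINOR_VERSION_4`; the `log_error` call it guards is cut off at the hunk edge, so its message is not visible. Separately, the "None" minimum still resolves to TLS v1.0, or SSL v3.0 with `ssl_use_sslv3`, and a comment such as `/* "None" as minimum re-enables deprecated TLS v1.0 / SSL v3.0 */` at that line would make the downgrade exposure explicit.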
|
|
|
|
|