|Subject:||Patch: Add support SSL_CTX_set_min_proto_version, more SSL methods and TLS 1.3 constants|
|Date:||Fri, 1 Dec 2017 19:55:31 +0200|
|To:||bug-Net-SSLeay [...] rt.cpan.org|
|From:||Heikki Vatiainen <hvn [...] open.com.au>|
Hello Mike,

this patch adds new functions related to SSL_CTX_new. Please see below for the detailed changes.

Most of the client and server specific SSL_METHOD functions are now available. The patch also adds support for a new API introduced in OpenSSL 1.1.0 for setting the permitted TLS versions. TLS 1.3 constants in the patch allow controlling version 1.3 with SSL_CTX_set_options and min/max_proto_version CTX and SSL setters.

The patch also includes a new test file. Testing was done with various OpenSSL and LibreSSL versions ranging from OpenSSL 0.9.8 and LibreSSL 2.2.0 to OpenSSL current git master (1.1.1-dev) and LibreSSL 2.6.3.

The patch does not include anything autogenerated by the constant helper script. The diff is against version patched with set_default_passwd_cb.patch2 I sent earlier this week.

Thanks,
Heikki

* Added new TLS method functions:
  - SSLv23_method
  - SSLv23_server_method
  - SSLv23_client_method
  - TLSv1_server_method
  - TLSv1_client_method
  - TLSv1_1_server_method
  - TLSv1_1_client_method
  - TLSv1_2_server_method
  - TLSv1_2_client_method
  - TLS_method
  - TLS_server_method
  - TLS_client_method

  TLS_method, TLS_server_method and TLS_client_method are available with OpenSSL 1.1.0 and LibreSSL 2.2.2 and later.

* Added new SSL_CTX and SSL method functions:

  These require OpenSSL 1.1.0 or LibreSSL 2.6.0 or later.
  - SSL_CTX_set_min_proto_version
  - SSL_CTX_set_max_proto_version
  - SSL_set_min_proto_version
  - SSL_set_max_proto_version

  These require OpenSSL 1.1.0g or later.
  - SSL_CTX_get_min_proto_version
  - SSL_CTX_get_max_proto_version
  - SSL_get_min_proto_version
  - SSL_get_max_proto_version

  Added constants for the new method functions:
  - SSL3_VERSION
  - TLS1_VERSION
  - TLS1_1_VERSION
  - TLS1_2_VERSION

* Added constants for controlling TLS 1.3 use. SSL_OP_NO_TLSv1_3 allows turning off TLS 1.3 with SSL_CTX_set_options and SSL_set_options. TLS1_3_VERSION works with the recently added SSL_CTX_set_min/max_proto_version method functions and their SSL counterparts. These constants are available in OpenSSL 1.1.1 development branch.

* Added pod entries for the new functions returning SSL_METHOD structures. Added pod entries for CTX_set_min_proto_version, CTX_set_max_proto_version, set_min_proto_version and set_max_proto_version and their respective getters.

* Added tests for CTX_new related functions. These include CTX_set_min_proto_version, CTX_get_min_proto_version and the related functions. Added tests for TLS 1.3 constants TLS1_3_VERSION and OP_NO_TLSv1_3.

-- 
Heikki Vatiainen <firstname.lastname@example.org>
Message body is not shown because sender requested not to inline it.
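
The following is an added example, not code from the patch or from Net::SSLeay itself: it shows how a caller could use the setters described in the message to enforce a TLS 1.2 floor, falling back to SSL_CTX_set_options on libraries older than OpenSSL 1.1.0 / LibreSSL 2.6.0. It assumes a Net::SSLeay build that includes this patch; the helper name enforce_tls12_floor is hypothetical.

```perl
#!/usr/bin/perl
# Added example (not part of the patch): enforce a TLS 1.2 minimum on a CTX.
use strict;
use warnings;
use Net::SSLeay;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

# Hypothetical helper: returns the name of the mechanism that was used.
sub enforce_tls12_floor {
    my ($ctx) = @_;

    # Preferred path: the min/max API (OpenSSL 1.1.0 / LibreSSL 2.6.0 and later).
    if (defined &Net::SSLeay::CTX_set_min_proto_version) {
        my $tls12 = Net::SSLeay::TLS1_2_VERSION();
        Net::SSLeay::CTX_set_min_proto_version($ctx, $tls12)
            or die "CTX_set_min_proto_version failed\n";

        # The getters need OpenSSL 1.1.0g or later; read back when present.
        if (defined &Net::SSLeay::CTX_get_min_proto_version) {
            my $got = Net::SSLeay::CTX_get_min_proto_version($ctx);
            die "minimum version was not applied\n" unless $got == $tls12;
        }
        return 'min_proto_version';
    }

    # Fallback for older libraries: switch off every protocol below TLS 1.2.
    # A constant the linked library does not define croaks, so guard each call.
    my $mask = 0;
    for my $name (qw(OP_NO_SSLv2 OP_NO_SSLv3 OP_NO_TLSv1 OP_NO_TLSv1_1)) {
        my $value = eval { no strict 'refs'; &{"Net::SSLeay::$name"}() };
        $mask |= $value if defined $value;
    }
    Net::SSLeay::CTX_set_options($ctx, $mask);
    return 'set_options';
}

my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";
my $how = enforce_tls12_floor($ctx);
print "TLS 1.2 floor enforced via $how\n";
Net::SSLeay::CTX_free($ctx);
```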