TLS Versions
Kurt Roeckx
kurt at roeckx.be
Wed Feb 6 22:11:33 UTC 2019
On Wed, Feb 06, 2019 at 02:05:27PM -0800, Hal Murray via devel wrote:
>
> float mintls = 1.2; /* minimum TLS version allowed */
> float maxtls; /* maximum TLS version allowed */
>
> Floats? The API to OpenSSL doesn't work in floats. We'll have to translate
> those to something useful. I'd like to push that back to ntp_config.
>
> From /usr/include/openssl/tls1.h
> # define TLS1_VERSION 0x0301
> # define TLS1_1_VERSION 0x0302
> # define TLS1_2_VERSION 0x0303
> # define TLS1_3_VERSION 0x0304
> # define TLS_MAX_VERSION TLS1_3_VERSION
>
> We should initialize those slots to TLS1_2_VERSION and TLS_MAX_VERSION
Please use 0 instead of TLS_MAX_VERSION, it means the same. I've
marked TLS_MAX_VERSION for deprecation.
Kurt
More information about the devel
mailing list