search for: ssl_ctx_set_min_proto_version

...X_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols)); - +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + if (ssl_set->ssl_lowest_version) { + if (!strcmp(ssl_set->ssl_lowest_version, "TLS1.0")) + SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION); + else if (!strcmp(ssl_set->ssl_lowest_version, "TLS1.1")) + SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_1_VERSION); + else if (!strcmp(ssl_set->ssl_lowest_version, "TLS1.2")) + SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION); +...

...1.1 it works as expected; with OpenSSL 1.0 it doesn't seem to break anything. Other than that, this is a first version; I'm sure there are still things to improve, so comments are welcome :) Regards, Apollon [1] https://bugs.debian.org/871987 [2] https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min_proto_version.html Apollon Oikonomopoulos (1): Support setting min/max SSL protocol version doc/example-config/conf.d/10-ssl.conf | 4 ++++ src/config/config-parser.c | 25 +++++++++++++++++++++ src/lib-master/master-service-ssl-settings.c | 4 ++++ src/lib-master/master-ser...

On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote: >> DEF(SET_STR, ssl_protocols), >> DEF(SET_STR, ssl_cert_username_field), >> DEF(SET_STR, ssl_crypto_device), >> + DEF(SET_STR, ssl_lowest_version), > >Does it really require a new setting? Couldn't it use the existing >ssl_protocols setting? You need to set a minimal version.

> On 1 Mar 2018, at 5:56 pm, Aki Tuomi <aki.tuomi at dovecot.fi <mailto:aki.tuomi at dovecot.fi>> wrote: > > > > On 01.03.2018 07:34, James Brown wrote: >> On 1 Mar 2018, at 4:09 pm, Aki Tuomi <aki.tuomi at dovecot.fi <mailto:aki.tuomi at dovecot.fi>> wrote: >>> >>> >>> What SSL library and version? >>> ---