Displaying 4 results from an estimated 4 matches for "ssl_lowest_version".
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
...+++++++++++++-
4 files changed, 18 insertions(+), 1 deletion(-)
--- a/src/config/all-settings.c
+++ b/src/config/all-settings.c
@@ -308,6 +308,7 @@ struct master_service_ssl_settings {
const char *ssl_cert_username_field;
const char *ssl_crypto_device;
const char *ssl_options;
+ const char *ssl_lowest_version;
bool ssl_verify_client_cert;
bool ssl_require_crl;
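Review bot: `ssl_lowest_version` is added to `struct master_service_ssl_settings` as an unconstrained `const char *`, with no comment on which values it accepts or what an unset value means. Because the setting exists to lower the TLS floor below the default, document the accepted version names and the default next to the field, and reject unknown strings when the settings are checked rather than leaving the outcome of a typo undefined.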
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -26,6 +26,7 @@ static const struct setting_define maste
DEF(SET_STR, ssl_protocols),
DEF(SET_STR, ssl_cert_username_field),
DEF(SE...
2017 Aug 27
3
[PATCH] Add support for lower TLS version than default
On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote:
>> DEF(SET_STR, ssl_protocols),
>> DEF(SET_STR, ssl_cert_username_field),
>> DEF(SET_STR, ssl_crypto_device),
>> + DEF(SET_STR, ssl_lowest_version),
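Review bot: `DEF(SET_STR, ssl_lowest_version)` registers a second free-form string that governs protocol versions alongside `DEF(SET_STR, ssl_protocols)`, and nothing in the hunk says which one wins when they disagree. State the precedence in the setting's documentation, or fail the configuration check when `ssl_protocols` and `ssl_lowest_version` contradict each other.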
>
>Does it really require a new setting? Couldn't it use the existing
>ssl_protocols setting?
You need to set a minimal version. SSL_PROTOCOLS can be set to tls1.0 and tls1.2, which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which the...
2017 Aug 27
0
[PATCH] Add support for lower TLS version than default
...> If the admin decides to also support TLS1.[01] users he can then enable
> the lower protocol version in case the users can't update their system.
..
> DEF(SET_STR, ssl_protocols),
> DEF(SET_STR, ssl_cert_username_field),
> DEF(SET_STR, ssl_crypto_device),
> + DEF(SET_STR, ssl_lowest_version),
Does it really require a new setting? Couldn't it use the existing ssl_protocols setting?
2017 Aug 27
0
[PATCH] Add support for lower TLS version than default
...7-08-27 13:46, Sebastian Andrzej Siewior wrote:
> On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote:
>>> DEF(SET_STR, ssl_protocols),
>>> DEF(SET_STR, ssl_cert_username_field),
>>> DEF(SET_STR, ssl_crypto_device),
>>> + DEF(SET_STR, ssl_lowest_version),
>> Does it really require a new setting? Couldn't it use the existing
>> ssl_protocols setting?
> You need to set a minimal version. SSL_PROTOCOLS can be set to tls1.0 and tls1.2, which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3...