Displaying 4 results from an estimated 4 matches for "ssl_txt_tlsv1_3".
2019 Nov 26
2
ssl_min_protocol = TLSv1.3 does not work
...only in
disabling TLS 1.2 for Dovecot.
On connection, I'm getting an error that 1.3 is an "Unknown
ssl_min_protocol setting".
Reading the source code, it seems that `openssl_min_protocol_to_options` in
`src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an entry
like
{ SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }
Is this a bug, something intentional, or has it simply not been added yet
because nobody has been crazy enough to ask for it?
Kind regards,
Laurens
2020 Apr 13
2
Unable to set ssl_min_protocol=TLSv1.3
...ion that parses this setting in
src/lib-ssl-iostream/iostream-openssl-common.c
(openssl_min_protocol_to_options()), which maps strings such as
SSL_TXT_TLSV1_2 == "TLSv1.2" (from openssl/ssl.h) to the appropriate
version and option defines of OpenSSL.
Said openssl/ssl.h does not contain a SSL_TXT_TLSV1_3, so it's no
surprise that dovecot does not know this setting. As a quick fix, I
could probably extend struct {…} protocol_versions[] (in
iostream-openssl-common.c again) with an appropriate "TLSv1.3" entry
(and send a patch), though I would also suggest to OpenSSL to add a
SSL_TXT_TLSV1_...
2020 Apr 13
0
Unable to set ssl_min_protocol=TLSv1.3
...n
> src/lib-ssl-iostream/iostream-openssl-common.c
> (openssl_min_protocol_to_options()), which maps strings such as
> SSL_TXT_TLSV1_2 == "TLSv1.2" (from openssl/ssl.h) to the appropriate
> version and option defines of OpenSSL.
>
> Said openssl/ssl.h does not contain a SSL_TXT_TLSV1_3, so it's no
> surprise that dovecot does not know this setting. As a quick fix, I
> could probably extend struct {…} protocol_versions[] (in
> iostream-openssl-common.c again) with an appropriate "TLSv1.3" entry
> (and send a patch), though I would also suggest to OpenSSL to...
2019 Nov 27
0
ssl_min_protocol = TLSv1.3 does not work
...> On connection, I'm getting an error that 1.3 is an "Unknown
> ssl_min_protocol setting".
> Reading the source code, it seems that
> `openssl_min_protocol_to_options` in
> `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an
> entry like
>
> { SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
> SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }
>
> Is this a bug, something intentional, or has it simply not been added
> yet because nobody has been crazy enough to ask for it?
>
> Kind regards,
>
> Laurens
Hi!
Just haven&...