Am 15.10.21 um 06:32 schrieb [email protected]: > From: Selva Nair <[email protected]> > > commit 968569f83b1561ea4dff5b8b1f0d7768e2a18e69 > defined TLS 1.2 as the minimum version if not set > by user. But the patch introduced two errors: > > (i) ssl_flags is overwritten without regard to other > options set in the flags > (ii) Any tls-version-max set by the user is not taken into > account. > Makes it impossible to set tls-version-max without also setting > tls-version-min along with loss of other bits set in ssl_flags. > > Fix it. > > The fix retains the original intent when possible, and tries to > use the maximum possible value when it cannot be set to TLS 1.2 > without conflicting with user-specified tls-version-max, if any.
Makes sense and code looks correct. Acked-By: Arne Schwabe <[email protected]> _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
