Re: [ovs-dev] [PATCH 10/10] stream-ssl: Add explicit support for configuring TLSv1.3.

Eelco Chaudron Wed, 11 Dec 2024 08:15:53 -0800


On 9 Dec 2024, at 17:38, Ilya Maximets wrote:

> TLSv1.3 is currently only supported implicitly, if the --ssl-protocols
> are not provided.  Or with the recent range support like "TLSv1.2+".
> However, it is not possible to explicitly ask for TLSv1.3 or set a
> custom list of ciphersuites for it.  Fix that by adding TLSv1.3 to the
> list of available protocols and adding a new --ssl-ciphersuites option.
>
> The new option is necessary, because --ssl-ciphers translates into
> SSL_CTX_set_cipher_list() that configures ciphers for TLSv1.2 and
> earlier.  SSL_CTX_set_ciphersuites() sets ciphersuites for TLSv1.3
> and later.
>
> Tests updated to exercise new options and to reduce the use of
> deprecated TLSv1 and TLSv1.1.
>
> TLSv1.3 support was introduced in OpenSSL 1.1.1.
>
> Signed-off-by: Ilya Maximets <[email protected]>

Patchwork did not like the cover letter ACK, so will ack them individually.

Acked-by: Eelco Chaudron <[email protected]>

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 10/10] stream-ssl: Add explicit support for configuring TLSv1.3.

Reply via email to