On Sun, Jul 12, 2020 at 12:29:43AM -0400, Viktor Dukhovni wrote:
>
> The main outstanding issue for which I'm authoring a new PR, is that
> each of the above results in SSL_CONF_cmd() returning an error for
> contexts of the other type or for contexts that are for a specific fixed
> version of TLS
On Wed, Jul 08, 2020 at 07:27:18PM +0200, Klaus Umbach via openssl-users wrote:
> > > Should I open an issue at https://github.com/openssl/openssl/issues?
> >
> > Yes please.
>
> Done: https://github.com/openssl/openssl/issues/12394
Thanks again for opening the issue, but I have a follow up que
On 08.07.20 17:57, Matt Caswell wrote:
>
>
> On 08/07/2020 17:48, Klaus Umbach via openssl-users wrote:
> > On 08.07.20 12:21, Viktor Dukhovni wrote:
> >> On Wed, Jul 08, 2020 at 04:36:55PM +0100, Matt Caswell wrote:
> >>
> >>> On 08/07/2020 16:28, Viktor Dukhovni wrote:
> > How could I set t
On 08/07/2020 17:48, Klaus Umbach via openssl-users wrote:
> On 08.07.20 12:21, Viktor Dukhovni wrote:
>> On Wed, Jul 08, 2020 at 04:36:55PM +0100, Matt Caswell wrote:
>>
>>> On 08/07/2020 16:28, Viktor Dukhovni wrote:
> How could I set the a System default "MinProtocol" for DTLS and TLS to
On 08.07.20 12:21, Viktor Dukhovni wrote:
> On Wed, Jul 08, 2020 at 04:36:55PM +0100, Matt Caswell wrote:
>
> > On 08/07/2020 16:28, Viktor Dukhovni wrote:
> > >> How could I set the a System default "MinProtocol" for DTLS and TLS to
> > >> 1.2?
> > >
> > > AFAIK, that's not presently possible.
On Wed, Jul 08, 2020 at 05:40:38PM +0100, Matt Caswell wrote:
> > I agree that the situation with MinProtocol in openssl.cnf is
> > unfortunate. But instead of mappings, I would propose a different
> > solution:
> >
> > * Restrict MinProtocol/MaxProtocol to just TLS protocols,
> > i.e.
On 08/07/2020 17:21, Viktor Dukhovni wrote:
> On Wed, Jul 08, 2020 at 04:36:55PM +0100, Matt Caswell wrote:
>
>> On 08/07/2020 16:28, Viktor Dukhovni wrote:
How could I set the a System default "MinProtocol" for DTLS and TLS to 1.2?
>>>
>>> AFAIK, that's not presently possible. You can sp
On Wed, Jul 08, 2020 at 04:36:55PM +0100, Matt Caswell wrote:
> On 08/07/2020 16:28, Viktor Dukhovni wrote:
> >> How could I set the a System default "MinProtocol" for DTLS and TLS to 1.2?
> >
> > AFAIK, that's not presently possible. You can specify application
> > profiles, for applications th
On 08/07/2020 16:28, Viktor Dukhovni wrote:
>> How could I set the a System default "MinProtocol" for DTLS and TLS to 1.2?
>
> AFAIK, that's not presently possible. You can specify application
> profiles, for applications that specify an application name when
> initializing OpenSSL. Or use th
On Wed, Jul 08, 2020 at 04:58:39PM +0200, Klaus Umbach via openssl-users wrote:
> when I set "MinProtocol" to "TLSv1.2" in openssl.cnf, DTLSv1.2 doesn't work
> for
> the client (in my specific case openconnect).
Unfortunately, I think that's expected. The actual bounds are numeric,
and TLS prot
Hi,
when I set "MinProtocol" to "TLSv1.2" in openssl.cnf, DTLSv1.2 doesn't work for
the client (in my specific case openconnect).
According to https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html,
only one value is possible, so I can't set both. The usage of "Protocol",
where I could use
11 matches
Mail list logo