forked from openvswitch/ovs
Commit
stream-ssl: Support protocol ranges.
The NO options are deprecated since OpenSSL 1.1.0:

 * SSL_OP_NO_SSLv3
 * SSL_OP_NO_TLSv1
 * SSL_OP_NO_TLSv1_1
 * SSL_OP_NO_TLSv1_2

SSL_CTX_set_min/max_proto_version API should be used instead. Change the "ssl-protocols" configuration option to parse values and enable ranges with this new API instead.

This means that we'll start enabling protocols that may not be enabled by the user, e.g. --ssl-protocols="TLSv1,TLSv1.2" will now enable TLSv1.1 as well. But it's probably not a big deal, and there will be no way to turn off one protocol in the middle in the future anyway, since the OpenSSL API required to do so is deprecated. And such configurations are very unlikely to be used in practice. At least, that was one of the reasons for OpenSSL to change the API in the first place.

While at it, allow users to configure simple ranges, instead of lists. For example, OVS will now allow values like "TLSv1-TLSv1.2" to enable all versions between TLSv1 and TLSv1.2, or "TLSv1.1+" to allow TLSv1.1 or any later version. The option still accepts a list of protocols or exactly one range.

Signed-off-by: Ilya Maximets <[email protected]>
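The mapping the commit message describes, as an added example that is not the OVS implementation: a list collapses to its lowest and highest entries, so "TLSv1,TLSv1.2" produces a range that also covers TLSv1.1. The names `parse_ssl_protocols` and `lookup` are hypothetical; rejecting reversed ranges and mixed list/range values, and not handling whitespace or case, are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* TLS version numbers, same values as OpenSSL's TLS1_VERSION..TLS1_3_VERSION. */
static const struct { const char *name; int ver; } protos[] = {
    {"TLSv1", 0x0301}, {"TLSv1.1", 0x0302},
    {"TLSv1.2", 0x0303}, {"TLSv1.3", 0x0304},
};

static int lookup(const char *s, size_t n)
{
    for (size_t i = 0; i < sizeof protos / sizeof protos[0]; i++)
        if (strlen(protos[i].name) == n && !strncmp(s, protos[i].name, n))
            return protos[i].ver;
    return -1;
}

/* Hypothetical helper (not OVS code): maps an "ssl-protocols" value to the
 * [min, max] pair for SSL_CTX_set_min/max_proto_version(); max == 0 means
 * "highest version the library supports". Returns 0 on success, -1 on error. */
int parse_ssl_protocols(const char *s, int *min, int *max)
{
    size_t len = strlen(s);
    const char *dash = strchr(s, '-');
    if (len > 1 && s[len - 1] == '+') {        /* open range: "TLSv1.1+" */
        *min = lookup(s, len - 1);
        *max = 0;
        return *min < 0 ? -1 : 0;
    }
    if (dash) {                                 /* range: "TLSv1-TLSv1.2" */
        *min = lookup(s, (size_t) (dash - s));
        *max = lookup(dash + 1, strlen(dash + 1));
        return (*min < 0 || *max < *min) ? -1 : 0;
    }
    *min = *max = -1;                           /* list: "TLSv1,TLSv1.2" */
    for (const char *p = s;; p += strcspn(p, ",") + 1) {
        int v = lookup(p, strcspn(p, ","));
        if (v < 0) return -1;
        if (*min < 0 || v < *min) *min = v;     /* lowest listed version */
        if (v > *max) *max = v;                 /* highest listed version */
        if (!p[strcspn(p, ",")]) return 0;      /* gaps in between get enabled */
    }
}

int main(void)
{
    int lo, hi, rc = parse_ssl_protocols("TLSv1,TLSv1.2", &lo, &hi);
    printf("rc=%d min=0x%04x max=0x%04x\n", rc, lo, hi);
    return 0;
}
```

When auditing a deployment, compare the resulting pair against the intended policy: any list whose lowest entry is TLSv1 now permits every version up to its highest entry.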
Showing 5 changed files with 132 additions and 82 deletions.