mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 20:13:05 +02:00
Code
1,456 Commits 3 Branches 40 Tags 12 MiB
79013381dc
Commit Graph

9 Commits

Author SHA1 Message Date
James Yonan
356b6c3ad0 SSL core : fixed some benign cases where the std::string 
return value of Option::get_optional() was being
assigned to a reference (const std::string&).  Better to
assign to a value (const std::string).
 2016-05-01 21:56:46 -06:00
James Yonan
134ba710f2 ovpn3 core globals cleanup: 
1. move all const globals into anonymous namespace
2. make sure that all non-class functions are inline
3. refactor class static data members
 2015-11-25 11:34:41 -07:00
James Yonan
f6ae9caec3 In tlsver.hpp, break out parse_tls_version_min() core 
functionality into a new method that can be called
with simple parameters and without an OptionList.
 2015-10-15 23:40:52 -07:00
James Yonan
35ac9f6229 Renamed types.hpp to size.hpp since it now only defines 
size_t and ssize_t.
 2015-05-17 13:27:34 -06:00
James Yonan
5c31950852 Added TLS version min override parameter to ClientAPI::Config: 
// Override the minimum TLS version:
  //   disabled -- don't specify a minimum, and disable any minimum
  //               specified in profile
  //   default or ""  -- use profile minimum
  //   tls_1_0  -- use TLS 1.0 minimum (overrides profile)
  //   tls_1_1  -- use TLS 1.1 minimum (overrides profile)
  //   tls_1_2  -- use TLS 1.2 minimum (overrides profile)
  std::string tlsVersionMinOverride;
 2015-02-04 20:29:43 -07:00
James Yonan
c2c7292a70 Updated copyright to 2015. 2015-01-06 12:56:21 -07:00
James Yonan
2c6d972ad6 Added AGPL copyright/licensing language. 2014-07-20 21:22:06 -06:00
James Yonan
b95c7dff1a Core: when tls-version directive is unspecified, internally 
represent that as TLSVersion::UNDEF.  For OpenSSL driver,
TLSVersion::UNDEF will trigger legacy TLSv1 connections
using TLSv1_server_method() and TLSv1_client_method().
 2014-03-03 18:38:44 -07:00
James Yonan
2198df06f2 Added tls-version-min directive: 
tls-version-min <version> ['or-highest'] -- sets the minimum
TLS version we will accept from the peer.  Examples for version
include "1.0", "1.1", or "1.2".  If 'or-highest' is specified
and version is not recognized, we will only accept the highest TLS
version supported by the local SSL implementation.

Examples:

tls-version-min 1.1 -- fail the connection unless peer can
  connect at TLS 1.1 or higher.

tls-version-min 1.3 or-highest -- require that the peer
  connect at TLS 1.3 or higher, however if the local SSL
  implementation doesn't support TLS 1.3 (as it wouldn't in 2013
  since TLS 1.3 doesn't exist yet), reduce the minimum required
  version to the highest version supported by the local SSL
  implementation (such as TLS 1.2).  This is intended to allow
  client configurations to target higher TLS versions that are
  supported on the server, even if some older clients don't
  support these versions yet.
 2013-06-06 22:18:17 +00:00