27 Aug
2017
27 Aug
'17
1:46 p.m.
On 27 August 2017 08:32:06 CEST, Timo Sirainen tss@iki.fi wrote:
DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version),
Does it really require a new setting? Couldn't it use the existing ssl_protocols setting? You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+. If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest version then this could work, too.
Sebastian