27 Aug
2017
27 Aug
'17
11:12 a.m.
On 2017-08-27 09:32, Timo Sirainen wrote:
On 26 Aug 2017, at 19.47, Sebastian Andrzej Siewior sebastian@breakpoint.cc wrote:
The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. .. DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version), Does it really require a new setting? Couldn't it use the existing ssl_protocols setting?
I think we should set the min protocol version from ssl_protocols, by looking at the lowest SSL protocol field there.
Aki