mirrors/xrdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add TLSv1.3 support

Browse Source 
Actually, TLSv1.3 will be enabled without this change if xrdp is compiled
with OpenSSL or alternatives which support TLSv1.3. This commit makes to
enable or disable TLSv1.3 explicitly.  Also, this commit adds a log
"TLSv1.3 enabled by config, but not supported by system OpenSSL". if
xrdp installation doesn't support TLSv1.3. It should be user-friendly.
This commit is contained in:
Koichiro IWAO 2018-08-16 11:31:35 +09:00
parent 98e8cec83d
commit 74497752dc
No known key found for this signature in database
GPG Key ID: 9F72CDBC01BF10EB
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
common/ssl_calls.c
View File

@ -1004,8 +1004,23 @@ ssl_get_protocols_from_string(const char *str, long *ssl_protocols)
#endif
#if defined(SSL_OP_NO_TLSv1_2)
protocols |= SSL_OP_NO_TLSv1_2;
#endif
#if defined(SSL_OP_NO_TLSv1_3)
protocols |= SSL_OP_NO_TLSv1_3;
#endif
bad_protocols = protocols;
if (g_pos(str, ",TLSv1.3,") >= 0)
{
#if defined(SSL_OP_NO_TLSv1_3)
log_message(LOG_LEVEL_DEBUG, "TLSv1.3 enabled");
protocols &= ~SSL_OP_NO_TLSv1_3;
#else
log_message(LOG_LEVEL_WARNING,
"TLSv1.3 enabled by config, "
"but not supported by system OpenSSL");
rv |= (1 << 6);
#endif
}
if (g_pos(str, ",TLSv1.2,") >= 0)
{
#if defined(SSL_OP_NO_TLSv1_2)