author | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:11:51 +0100 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:11:51 +0100 |
commit | 39ddb9cc8281bd239b94a3023da6329edb6718c1 (patch) | |
tree | dc6a8e7f1018f59f088c5b06b48eb24efe17f22d /src/openvpn/ssl_backend.h | |
parent | d5078cc44b8919a25cb7507e9e6da1d66f25bb5b (diff) | |
parent | 87356242baf10c8b2a94d9013e436ed2a0dada53 (diff) |
Update upstream source from tag 'upstream/2.4.7'
Update to upstream version '2.4.7'
with Debian dir d01da6ef78dc8ce91265e8f319468f6c34d23af8
Diffstat (limited to 'src/openvpn/ssl_backend.h')
-rw-r--r-- | src/openvpn/ssl_backend.h | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index e704de8..c614efa 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -171,7 +171,8 @@ bool tls_ctx_initialised(struct tls_root_ctx *ctx);
 bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags);
 
 /**
- * Restrict the list of ciphers that can be used within the TLS context.
+ * Restrict the list of ciphers that can be used within the TLS context for TLS 1.2
+ * and below
 *
 * @param ctx TLS context to restrict, must be valid.
 * @param ciphers String containing : delimited cipher names, or NULL to use
@@ -180,6 +181,16 @@ bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags);
 void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers);
 
 /**
+ * Restrict the list of ciphers that can be used within the TLS context for TLS 1.3
+ * and higher
+ *
+ * @param ctx TLS context to restrict, must be valid.
+ * @param ciphers String containing : delimited cipher names, or NULL to use
+ * sane defaults.
+ */
+void tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers);
+
+/**
 * Set the TLS certificate profile. The profile defines which crypto
 * algorithms may be used in the supplied certificate.
 *
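Review bot: The comment on the new `tls_ctx_restrict_ciphers_tls13()` declaration does not say how the two restriction calls relate, and with the split documented in these two hunks a caller that only calls `tls_ctx_restrict_ciphers()` constrains TLS 1.2 and below while the TLS 1.3 suites stay at whatever the backend defaults to. Both functions return `void`, so the header should also state what happens when the list contains an unknown or unsupported name; the implementation is outside this diff, so whether that is fatal or silently ignored cannot be told from here. I would add `Has no effect on TLS 1.3 suites; use tls_ctx_restrict_ciphers_tls13() for those.` to the first comment and its mirror to the second. Each comment also needs one sentence on the invalid-name behaviour and on what a backend without TLS 1.3 support does with a non-NULL list.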
@@ -515,15 +526,19 @@ int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf,
 void print_details(struct key_state_ssl *ks_ssl, const char *prefix);
 
 /*
- * Show the TLS ciphers that are available for us to use in the OpenSSL
- * library.
+ * Show the TLS ciphers that are available for us to use in the
+ * library depending on the TLS version. This function prints
+ * a list of ciphers without headers/footers.
 *
 * @param cipher_list list of allowed TLS cipher, or NULL.
 * @param tls_cert_profile TLS certificate crypto profile name.
+ * @param tls13 Select if <=TLS1.2 or TLS1.3+ ciphers
+ * should be shown
 */
 void
-show_available_tls_ciphers(const char *cipher_list,
- const char *tls_cert_profile);
+show_available_tls_ciphers_list(const char *cipher_list,
+ const char *tls_cert_profile,
+ bool tls13);
 
 /*
 * Show the available elliptic curves in the crypto library |
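Review bot: The new `@param tls13` text, "Select if <=TLS1.2 or TLS1.3+ ciphers should be shown", does not say which value selects which family, and it leaves open whether `cipher_list` is then read as a TLS 1.3 suite list or as a TLS 1.2 cipher list. Suggest `@param tls13 true to list TLS 1.3+ ciphersuites, false to list ciphers for TLS 1.2 and below; cipher_list is interpreted for the selected family.`; both the true/false mapping and the second half are inferred from the parameter name and should be confirmed against the implementation, which is not in this hunk. The comment block opens with `/*` rather than `/**` like the blocks in the earlier hunks, so the `@param` tags here may not be picked up by the doc generator.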