Diffstat (limited to 'src/openvpn/ssl_openssl.c')
-rw-r--r-- | src/openvpn/ssl_openssl.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 5689e7c..481600a 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -119,11 +119,16 @@ tmp_rsa_cb (SSL * s, int is_export, int keylength) } void -tls_ctx_server_new(struct tls_root_ctx *ctx) +tls_ctx_server_new(struct tls_root_ctx *ctx, unsigned int ssl_flags) { + const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK; + ASSERT(NULL != ctx); - ctx->ctx = SSL_CTX_new (SSLv23_server_method ()); + if (tls_version_min > TLS_VER_UNSPEC) + ctx->ctx = SSL_CTX_new (SSLv23_server_method ()); + else + ctx->ctx = SSL_CTX_new (TLSv1_server_method ()); if (ctx->ctx == NULL) msg (M_SSLERR, "SSL_CTX_new SSLv23_server_method"); @@ -132,11 +137,16 @@ tls_ctx_server_new(struct tls_root_ctx *ctx) } void -tls_ctx_client_new(struct tls_root_ctx *ctx) +tls_ctx_client_new(struct tls_root_ctx *ctx, unsigned int ssl_flags) { + const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK; + ASSERT(NULL != ctx); - ctx->ctx = SSL_CTX_new (SSLv23_client_method ()); + if (tls_version_min > TLS_VER_UNSPEC) + ctx->ctx = SSL_CTX_new (SSLv23_client_method ()); + else + ctx->ctx = SSL_CTX_new (TLSv1_client_method ()); if (ctx->ctx == NULL) msg (M_SSLERR, "SSL_CTX_new SSLv23_client_method"); @@ -1345,4 +1355,10 @@ get_highest_preference_tls_cipher (char *buf, int size) SSL_CTX_free (ctx); } +char * +get_ssl_library_version(void) +{ + return SSLeay_version(SSLEAY_VERSION); +} + #endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */ |
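Review bot: In tls_ctx_server_new the else branch, taken when tls_version_min is TLS_VER_UNSPEC, creates the context with TLSv1_server_method(), so a configuration that sets no minimum is pinned to TLS 1.0 and cannot negotiate anything newer. That default deserves a comment giving the reason, e.g. `/* no minimum requested: keep the fixed TLS 1.0 method, presumably for compatibility with older peers */`. On the other branch SSLv23_server_method() is version-flexible and the hunk only tests the decoded tls_version_min against TLS_VER_UNSPEC, so the minimum itself has to be enforced where the context options are set; that code is not visible here and is worth confirming. The failure message `"SSL_CTX_new SSLv23_server_method"` is also inaccurate when the TLSv1 method was the one that failed. The same points apply to tls_ctx_client_new in the next hunk, and both function bodies continue past their hunks.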
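Review bot: get_ssl_library_version is declared to return `char *`, but SSLeay_version() returns `const char *`, so the return statement discards the qualifier and lets callers write through a pointer to the library's own version string. The return type should be `const char *`, with the prototype in the header (outside this diff) changed to match. A short comment such as `/* returned string is owned by OpenSSL; do not modify or free */` would make the ownership explicit for callers.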