openssl/ssl
Viktor Dukhovni 7717459892 Avoid errors with a priori inapplicable protocol bounds
The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts,
and conversely, silently ignore DTLS protocol version bounds when
configuring TLS-based contexts.  The commands can be repeated to set
bounds of both types.  The same applies with the corresponding
"min_protocol" and "max_protocol" command-line switches, in case some
application uses both TLS and DTLS.

SSL_CTX instances that are created for a fixed protocol version (e.g.
TLSv1_server_method()) also silently ignore version bounds.  Previously
attempts to apply bounds to these protocol versions would result in an
error.  Now only the "version-flexible" SSL_CTX instances are subject to
limits in configuration files in command-line options.

Expected to resolve #12394

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #12472
2020-07-21 16:40:07 -02:00
record Update copyright year 2020-07-16 14:47:04 +02:00
statem Avoid errors with a priori inapplicable protocol bounds 2020-07-21 16:40:07 -02:00
bio_ssl.c Update copyright year 2020-05-15 14:09:49 +01:00
build.info Add provider support for TLS CBC padding and MAC removal 2020-07-06 09:26:09 +01:00
d1_lib.c Reorganize local header files 2019-09-28 20:26:35 +02:00
d1_msg.c Reorganize local header files 2019-09-28 20:26:35 +02:00
d1_srtp.c Update copyright year 2020-05-15 14:09:49 +01:00
methods.c Update some inclusions of <openssl/macros.h> 2019-11-07 11:37:25 +01:00
pqueue.c Reorganize local header files 2019-09-28 20:26:35 +02:00
s3_cbc.c Update copyright year 2020-04-23 13:55:52 +01:00
s3_enc.c Convert SSLv3 handling to use provider side CBC/MAC removal 2020-07-06 09:26:09 +01:00
s3_lib.c Update the various SSL group getting and setting functions 2020-06-19 10:19:31 +01:00
s3_msg.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ssl_asn1.c Explicitly test against NULL; do not use !p or similar 2019-10-09 21:32:15 +02:00
ssl_cert_table.h Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_cert.c SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys 2020-05-15 16:43:31 +02:00
ssl_ciph.c deprecate engines in SSL 2020-07-16 09:12:27 +02:00
ssl_conf.c Avoid errors with a priori inapplicable protocol bounds 2020-07-21 16:40:07 -02:00
ssl_err.c Provider a better error message if we fail to copy parameters 2020-06-19 10:19:32 +01:00
ssl_init.c Providerized libssl fallout: cleanup init 2020-07-11 15:13:09 -07:00
ssl_lib.c deprecate engines in SSL 2020-07-16 09:12:27 +02:00
ssl_local.h Convert SSLv3 handling to use provider side CBC/MAC removal 2020-07-06 09:26:09 +01:00
ssl_mcnf.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ssl_rsa.c Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 2020-05-27 14:36:13 +02:00
ssl_sess.c deprecate engines in SSL 2020-07-16 09:12:27 +02:00
ssl_stat.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ssl_txt.c Update copyright year 2020-04-23 13:55:52 +01:00
ssl_utst.c Reorganize local header files 2019-09-28 20:26:35 +02:00
t1_enc.c Revert "kdf: make function naming consistent." 2020-07-16 14:21:07 +02:00
t1_lib.c Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 2020-07-16 14:21:07 +02:00
t1_trce.c t1_trce: Fix remaining places where the 24 bit shift overflow happens 2020-05-20 17:31:56 +02:00
tls13_enc.c Revert "kdf: make function naming consistent." 2020-07-16 14:21:07 +02:00
tls_srp.c Update copyright year 2020-04-23 13:55:52 +01:00