author | Koichiro IWAO <meta@vmeta.jp> | 2018-08-16 11:31:35 +0900 |
---|---|---|
committer | Koichiro IWAO <meta@vmeta.jp> | 2018-09-14 11:50:55 +0900 |
commit | 74497752dc062d1c2dc9594654a3770e23d989ec (patch) | |
tree | 28d43bc8c6c8fc9f8195981d38c730124bbed073 | |
parent | 98e8cec83d1cc0810cc625f7a5727af7e848f779 (diff) | |
download | xrdp-proprietary-74497752dc062d1c2dc9594654a3770e23d989ec.tar.gz xrdp-proprietary-74497752dc062d1c2dc9594654a3770e23d989ec.zip |
Add TLSv1.3 support
Actually, TLSv1.3 will be enabled without this change if xrdp is compiled
with OpenSSL or alternatives which support TLSv1.3. This commit makes it
possible to enable or disable TLSv1.3 explicitly. Also, this commit adds a log
message, "TLSv1.3 enabled by config, but not supported by system OpenSSL", if
the xrdp installation doesn't support TLSv1.3. It should be user-friendly.
-rw-r--r-- | common/ssl_calls.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/common/ssl_calls.c b/common/ssl_calls.c
index cb13825e..d1003b8a 100644
--- a/common/ssl_calls.c
+++ b/common/ssl_calls.c
@@ -1005,7 +1005,22 @@ ssl_get_protocols_from_string(const char *str, long *ssl_protocols)
 #if defined(SSL_OP_NO_TLSv1_2)
 protocols |= SSL_OP_NO_TLSv1_2;
 #endif
+#if defined(SSL_OP_NO_TLSv1_3)
+ protocols |= SSL_OP_NO_TLSv1_3;
+#endif
 bad_protocols = protocols;
+ if (g_pos(str, ",TLSv1.3,") >= 0)
+ {
+#if defined(SSL_OP_NO_TLSv1_3)
+ log_message(LOG_LEVEL_DEBUG, "TLSv1.3 enabled");
+ protocols &= ~SSL_OP_NO_TLSv1_3;
+#else
+ log_message(LOG_LEVEL_WARNING,
+ "TLSv1.3 enabled by config, "
+ "but not supported by system OpenSSL");
+ rv |= (1 << 6);
+#endif
+ }
 if (g_pos(str, ",TLSv1.2,") >= 0)
 {
 #if defined(SSL_OP_NO_TLSv1_2) |
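Review bot: The unconditional `protocols |= SSL_OP_NO_TLSv1_3;` added before `bad_protocols = protocols;` changes TLSv1.3 from implicitly on (as the commit message describes) to off unless the configured string contains `,TLSv1.3,`, so a deployment whose protocol list predates this token would negotiate TLSv1.2 at best after upgrading. The diffstat shows only common/ssl_calls.c changed, so the sample configuration and its documentation presumably do not yet mention the new token; I would update them in the same change and add a comment at the mask line such as `/* TLSv1.3 stays disabled unless the config lists it explicitly */`. The `#else` branch reports "not supported by system OpenSSL" from a compile-time macro test, which reflects the build headers rather than the library loaded at run time, and `rv |= (1 << 6);` would read better with a comment naming what bit 6 means to callers. The function begins and ends outside this hunk, so how the caller treats that bit is not visible here.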