1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-10 03:30:39 +03:00

Add Tls_Disable1_3

Add Tls_Disable1_3 like Tls_Disable1_2 etc.
This change is part of v4.34-9744-beta e3370fb62c31eb10d0d221e628161863358d4cc3 .
This commit is contained in:
dnobori 2020-05-05 15:10:29 +09:00 committed by Takuho NAKANO
parent 3baf4674e7
commit 144392c587
3 changed files with 10 additions and 0 deletions

View File

@ -6043,6 +6043,7 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0"); c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0");
c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1"); c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1");
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2"); c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
c->SslAcceptSettings.Tls_Disable1_3 = CfgGetBool(f, "Tls_Disable1_3");
s->StrictSyslogDatetimeFormat = CfgGetBool(f, "StrictSyslogDatetimeFormat"); s->StrictSyslogDatetimeFormat = CfgGetBool(f, "StrictSyslogDatetimeFormat");
@ -6377,6 +6378,7 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0); CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1); CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2); CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);
CfgAddBool(f, "Tls_Disable1_3", c->SslAcceptSettings.Tls_Disable1_3);
CfgAddInt(f, "DhParamBits", c->DhParamBits); CfgAddInt(f, "DhParamBits", c->DhParamBits);
// Disable session reconnect // Disable session reconnect

View File

@ -12147,6 +12147,13 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
} }
#endif // SSL_OP_NO_TLSv1_2 #endif // SSL_OP_NO_TLSv1_2
#ifdef SSL_OP_NO_TLSv1_3
if (sock->SslAcceptSettings.Tls_Disable1_3)
{
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
}
#endif // SSL_OP_NO_TLSv1_3
Unlock(openssl_lock); Unlock(openssl_lock);
AddChainSslCertOnDirectory(ssl_ctx); AddChainSslCertOnDirectory(ssl_ctx);
Lock(openssl_lock); Lock(openssl_lock);

View File

@ -147,6 +147,7 @@ struct SSL_ACCEPT_SETTINGS
bool Tls_Disable1_0; bool Tls_Disable1_0;
bool Tls_Disable1_1; bool Tls_Disable1_1;
bool Tls_Disable1_2; bool Tls_Disable1_2;
bool Tls_Disable1_3;
}; };
// Socket // Socket