Allow disabling the min and max version

author Kurt Roeckx <kurt@roeckx.be>

Sat, 2 Jan 2016 19:06:07 +0000 (20:06 +0100)

committer Kurt Roeckx <kurt@roeckx.be>

Sun, 10 Jan 2016 12:04:55 +0000 (13:04 +0100)
author Kurt Roeckx <kurt@roeckx.be>
Sat, 2 Jan 2016 19:06:07 +0000 (20:06 +0100)
committer Kurt Roeckx <kurt@roeckx.be>
Sun, 10 Jan 2016 12:04:55 +0000 (13:04 +0100)
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod

index 2f708458e9c1f5d2fb6c7b2e8b53c9077c666327..9feaa2810339f0a9ffdc831d9fff4332abcd0e66 100644 (file)
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -113,7 +113,8 @@ operations are permitted.
  
  Sets the minimum and maximum supported protocol.
  Currently supported protocol values are B<SSLv3>, B<TLSv1>,
-B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS.
+B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
+and B<None> for no limit.
  If the either bound is not specified then only the other bound applies,
  if specified.
  To restrict the supported protocol versions use these commands rather
@@ -275,6 +276,7 @@ This sets the minimum supported SSL, TLS or DTLS version.
  
  Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
  B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
  
  =item B<MaxProtocol>
  
@@ -282,6 +284,7 @@ This sets the maximum supported SSL, TLS or DTLS version.
  
  Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
  B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
  
  =item B<Protocol>
  
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c

index 9529d30842cc10b60b7d3e09fd91b4e841433b25..2c40df159345685cbac9433a1223346d449f217b 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -332,6 +332,7 @@ static int protocol_from_string(const char *value)
          int version;
      };
      static const struct protocol_versions versions[] = {
+        {"None", 0},
          {"SSLv3", SSL3_VERSION},
          {"TLSv1", TLS1_VERSION},
          {"TLSv1.1", TLS1_1_VERSION},
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index bf59eb3925733b19914df4eeba6d5c2013d11b44..7142128fd72137fafab4e01719c3fa37c796bda5 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -834,6 +834,11 @@ int ssl_check_version_downgrade(SSL *s)
   */
  int ssl_set_version_bound(int method_version, int version, int *bound)
  {
+    if (version == 0) {
+        *bound = version;
+        return 1;
+    }
+
      /*-
       * Restrict TLS methods to TLS protocol versions.
       * Restrict DTLS methods to DTLS protocol versions.
author	Kurt Roeckx <kurt@roeckx.be>
	Sat, 2 Jan 2016 19:06:07 +0000 (20:06 +0100)
committer	Kurt Roeckx <kurt@roeckx.be>
	Sun, 10 Jan 2016 12:04:55 +0000 (13:04 +0100)
doc/ssl/SSL_CONF_cmd.pod		patch \| blob \| history
ssl/ssl_conf.c		patch \| blob \| history
ssl/statem/statem_lib.c		patch \| blob \| history