In TLSProxy::Proxy, specify TLSv1.2 as maximum allowable protocol
authorRichard Levitte <levitte@openssl.org>
Mon, 19 Mar 2018 07:06:22 +0000 (08:06 +0100)
committerRichard Levitte <levitte@openssl.org>
Mon, 19 Mar 2018 07:46:35 +0000 (08:46 +0100)
Partially fixes #5661

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5662)

util/perl/TLSProxy/Proxy.pm

index 88b048e..7d9cb37 100644 (file)
@@ -178,7 +178,7 @@ sub start
     $pid = fork();
     if ($pid == 0) {
         my $execcmd = $self->execute
-            ." s_server -no_comp -rev -engine ossltest -accept "
+            ." s_server -max_protocol TLSv1.2 -no_comp -rev -engine ossltest -accept "
             .($self->server_port)
             ." -cert ".$self->cert." -naccept ".$self->serverconnects;
         unless ($self->supports_IPv6) {
@@ -215,7 +215,7 @@ sub clientstart
                 $echostr = "test";
             }
             my $execcmd = "echo ".$echostr." | ".$self->execute
-                 ." s_client -engine ossltest -connect "
+                 ." s_client -max_protocol TLSv1.2 -engine ossltest -connect "
                  .($self->proxy_addr).":".($self->proxy_port);
             unless ($self->supports_IPv6) {
                 $execcmd .= " -4";