| Message ID | 4ba969b0779fc939adaa9c78f50a41b7b4bb4483-HTML@gerrit.openvpn.net |
|---|---|
| State | Superseded |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:a68e:b0:57d:b2cb:6cf with SMTP id hn14csp172073mab;
Fri, 14 Jun 2024 04:35:26 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
AJvYcCUX/wXVK16jlHB6Nt0GKz+g0shoo5uD0J2YMgxVeWBMTAzKwIhBPzDUq3tx4e0Ye4k6DT6Ftkecj7nTyedoEngULhr1QHA=
X-Google-Smtp-Source:
AGHT+IGLfUloXFi8Ow16y1YkpOkzog/jevR62ntNhCHM86U5ijTil8LXr30TUnvcsyDFU6ykX2zq
X-Received: by 2002:a05:6a21:9988:b0:1b6:d2e7:160 with SMTP id
adf61e73a8af0-1bae7bb22d5mr2663303637.0.1718364925935;
Fri, 14 Jun 2024 04:35:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1718364925; cv=none;
d=google.com; s=arc-20160816;
b=nkwLOMU+kRui7Nnx+FHHB40bpY9DnUwFUFdaOX0ctZTj6WebNhCELMOSbXtK90S4tn
PkhJTwWJ3j5valvdHu/exjYTlMtWJzsCy4why2uiGF5mQUwadxLr9rtSEju1nufOafeg
ZJy39V6eJZdvkjE80rVWm+elhRfQ8Wd0am3Pi3s6y3nGgo5n1X5SMsPZO6EK6m/lNyDP
DqrI1UD6nAr1qX/3mu+sY/YDaGrABpqZo4ud48xWWJqjcyvdAUVGlCsGk8qSqPACahyT
/mAv6M9rsUTwgyputJwy9Jgr4VNnjVkfD1qf/0u63bmVM41oV7jVsS09rTuZCvss3sWy
r5eA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=errors-to:cc:reply-to:list-subscribe:list-help:list-post
:list-archive:list-unsubscribe:list-id:precedence:subject:user-agent
:mime-version:message-id:references:auto-submitted:to:date:from
:dkim-signature:dkim-signature:dkim-signature;
bh=LErOYt6FdQGv5msqrxanxSTwqi2d9AJaZYk5Wfe0Olo=;
fh=U7wEyxtwz2o5+UdevFSA47vNeG9knhWH0KV//QhD5a0=;
b=QN1I59nQlC61IBL/SV6pIsnz6nSJ60Mhc1RefDzueGbwm3JxTCUnyb9YYDhVwjFeEj
oOG0tOgqlxbpQOw5DtG6dHZ4xI2ktw15vKeVKd8IPIFN4OcHa4HqvMtv6htkXEgRF3xa
Bka6fjnROiUxbtdbK8MyepKmgmx8zH91vFG98yLFraDupzRItFOjD7bTnoHDdYJzRspE
0Q9FPPrOT0V+mEg9omUAnkBw6zINDfWFf9ULQyLr1JXwmGwdw93OhczgwAWCMvDmPv0g
7cTBVNDKzadvEgTXCGsiSfuoLVURIIu+JAbiGDGbduyesXtr9vVwoq4wzasByvNpea/u
j1TA==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=LhURzxln;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=g0umIIDN;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=efukAG0O;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
d9443c01a7336-1f855f1b125si33205405ad.603.2024.06.14.04.35.25
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 14 Jun 2024 04:35:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=LhURzxln;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=g0umIIDN;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=efukAG0O;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1sI5Cg-0002s8-Nl;
Fri, 14 Jun 2024 11:34:47 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gerrit@openvpn.net>) id 1sI5Cf-0002s1-LP
for openvpn-devel@lists.sourceforge.net;
Fri, 14 Jun 2024 11:34:46 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version
:Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:
From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=PfE56sqUGn1N2FJy6afuIzPxGKww31WzxC+lqelibkQ=; b=LhURzxlnprVurnJwcq1T2XjWTD
mHteLk3ucb3saDMBZzDUuLXQT8i2xNjI0RsPVh3CG1CnIzB2iPzvubCStqmF0ARSa0sU0ECPLC8C7
xQHkLWl9xMPaJak8Dk1SmzKzf6kVXhSrEZt9C+exnnzmJXe192+31KpVnH1wMqRLW7pk=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To:
References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID
:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:
Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post:
List-Owner:List-Archive; bh=PfE56sqUGn1N2FJy6afuIzPxGKww31WzxC+lqelibkQ=; b=g
0umIIDNSBbhZsdB+XdcObV/OBgy9owMJCuAUjQFavE6ZOMsbvOPm39TEiyh7Vxie5WSdO+xXuI4ya
4jqlNX4oXjYff64ZxO1T5yaV4SwyjU06N3Cl/6rRf3NcLJA7qwTSPbyY4JhZlTzbxg4c73gRwC967
BuQSvwInva2gIBFw=;
Received: from mail-wr1-f42.google.com ([209.85.221.42])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95)
id 1sI5Cg-00013Y-OL for openvpn-devel@lists.sourceforge.net;
Fri, 14 Jun 2024 11:34:46 +0000
Received: by mail-wr1-f42.google.com with SMTP id
ffacd0b85a97d-35f223e7691so1282475f8f.1
for <openvpn-devel@lists.sourceforge.net>;
Fri, 14 Jun 2024 04:34:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=openvpn.net; s=google; t=1718364879; x=1718969679;
darn=lists.sourceforge.net;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc
:subject:date:message-id:reply-to;
bh=PfE56sqUGn1N2FJy6afuIzPxGKww31WzxC+lqelibkQ=;
b=efukAG0OgKNBGChDI8WKZAFzPSzPeu+9fsU/in24zplW8318EyfCmITC4hgMlOyHYO
zVJgFzZgWcEc7HOhFdl24FeydXQw/talflqR+9lgv/oEcKXRpXAkB2UH/pNeFbRc5h9y
6ERFQ9WQF0CzSQNeeQVu4gQU3MfYcONOf4CoAbXN8qDfHkDc8ztzfMaNFvsJqYmLFdbS
3TDxkUlBV9t7xwGhAkWN4ZQqjvZL5CdbqsmCFAplzkkkiP4zqTcHleUz6tG0U7Wz5xN5
mgp+USpiA+42XggExlXg4uQsBkRNqSQSqcQg9O9HUg/Q/XUp4oWjbF9V0oC+dPU0NXqP
BqpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1718364879; x=1718969679;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=PfE56sqUGn1N2FJy6afuIzPxGKww31WzxC+lqelibkQ=;
b=gyS7ys+vc+uEpvMnLirYk3H8Tn+hCCMqTy+MlRuwakRsrqVsidELK/ex45JKCz17Gl
Z9nFApyttyQ3/GVhiodtaOaUkmh5KbChliTytv9ICnFViUfwn5g8mdW+3uehDu8/t/GI
TEGav8AZYyxIPYI1gSIj1xjoChlEaCeTZO94VCuvf0W5tthX6FWsnFpkLHYxmGahdnXJ
cAbXqCLJtiVIIQtDjaUEsnqkcJmqoTQoCCzjQalwZ9FFx60x+ODoaboP4dAFv9V2czvl
JREXis/JU8QGkfzMqpYS4m+c3atoLgP/QzzTITWiOgti3TBSR5/O7X9TqYgcKKO0AwAE
+LxA==
X-Gm-Message-State: AOJu0YxXth8g9I2G2+s7HHfavcn6kRba8xaXhLCgEGVTWfcBV+2aeiuY
gHXEC4nZecLzsl6G3M2B6Pc8SWFVPv2t6yry31V1J7SWbUwcdPCJvYvzDrtrB3YEBEPtjQjMLaA
4
X-Received: by 2002:a5d:6545:0:b0:35f:d50:3301 with SMTP id
ffacd0b85a97d-360718c9db7mr5761591f8f.3.1718364879313;
Fri, 14 Jun 2024 04:34:39 -0700 (PDT)
Received: from gerrit.openvpn.in
(ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78])
by smtp.gmail.com with ESMTPSA id
5b1f17b1804b1-42286fe9230sm94098575e9.17.2024.06.14.04.34.38
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 14 Jun 2024 04:34:39 -0700 (PDT)
From: "MaxF (Code Review)" <gerrit@openvpn.net>
X-Google-Original-From: "MaxF (Code Review)" <gerrit@gerrit.openvpn.in>
X-Gerrit-PatchSet: 1
Date: Fri, 14 Jun 2024 11:34:38 +0000
To: plaisthos <arne-openvpn@rfc2549.org>, flichtenheld <frank@lichtenheld.com>
Auto-Submitted: auto-generated
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: Ia3883a26ac26df6bbb5353fb074a2e0f814737be
X-Gerrit-Change-Number: 682
X-Gerrit-Project: openvpn
X-Gerrit-ChangeURL: <http://gerrit.openvpn.net/c/openvpn/+/682?usp=email>
X-Gerrit-Commit: 94dd46ed3ea775db3b95317c46377aaf98122b18
References:
<gerrit.1718364874000.Ia3883a26ac26df6bbb5353fb074a2e0f814737be@gerrit.openvpn.net>
Message-ID: <4ba969b0779fc939adaa9c78f50a41b7b4bb4483-HTML@gerrit.openvpn.net>
MIME-Version: 1.0
User-Agent: Gerrit/3.8.2
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-2.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Attention is currently required from: flichtenheld,
plaisthos.
Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit
Content analysis details: (-0.2 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: openvpn.net]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.221.42 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.221.42 listed in bl.score.senderscore.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.221.42 listed in wl.mailspike.net]
0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors in HTML
X-Headers-End: 1sI5Cg-00013Y-OL
Subject: [Openvpn-devel] [S] Change in openvpn[master]: mbedtls: Remove
support for old TLS versions
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Reply-To: max@max-fillinger.net, arne-openvpn@rfc2549.org,
openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Content-Type: multipart/mixed; boundary="===============3614231933360551298=="
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1801836220303831220?=
X-GMAIL-MSGID: =?utf-8?q?1801836220303831220?=
X-getmail-filter-classifier: gerrit message type newchange
|
| Series |
[Openvpn-devel,S] Change in openvpn[master]: mbedtls: Remove support for old TLS versions
|
expand
|
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index a68588e..e25fb84 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1040,12 +1040,8 @@ { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) return TLS_VER_1_2; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_1) - return TLS_VER_1_1; -#elif defined(MBEDTLS_SSL_PROTO_TLS1) - return TLS_VER_1_0; #else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ - #error "mbedtls is compiled without support for TLS 1.0, 1.1 and 1.2." + #error "mbedtls is compiled without support for TLS 1.2." #endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ } @@ -1067,27 +1063,12 @@ switch (tls_ver) { -#if defined(MBEDTLS_SSL_PROTO_TLS1) - case TLS_VER_1_0: - *major = MBEDTLS_SSL_MAJOR_VERSION_3; - *minor = MBEDTLS_SSL_MINOR_VERSION_1; - break; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) - case TLS_VER_1_1: - *major = MBEDTLS_SSL_MAJOR_VERSION_3; - *minor = MBEDTLS_SSL_MINOR_VERSION_2; - break; -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case TLS_VER_1_2: *major = MBEDTLS_SSL_MAJOR_VERSION_3; *minor = MBEDTLS_SSL_MINOR_VERSION_3; break; #endif - default: msg(M_FATAL, "%s: invalid or unsupported TLS version %d", __func__, tls_ver); break;
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/682?usp=email to review the following change. Change subject: mbedtls: Remove support for old TLS versions ...................................................................... mbedtls: Remove support for old TLS versions Recent versions of mbedtls have dropped support for TLS 1.0 and 1.1. Rather than checking which versions are supported, drop support for everything before 1.2. Change-Id: Ia3883a26ac26df6bbb5353fb074a2e0f814737be Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com> --- M src/openvpn/ssl_mbedtls.c 1 file changed, 1 insertion(+), 20 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/82/682/1