author | Arne Schwabe | 2018-10-10 17:36:24 +0200 |
---|---|---|
committer | Gert Doering | 2018-10-11 20:34:45 +0200 |
commit | 7aeabadd69fca0071152c42d58fee0b565f01eb3 | |
tree | 3b9998b14c3d1b2f79aec5affbfa9ef94a938a58 /src/openvpn/ssl_backend.h | |
parent | ed31cf2ab718d879615dea81e6a17d26537ab43a | |

Add better support for showing TLS 1.3 ciphersuites in --show-tls

--show-tls shows mixed TLS 1.3 and TLS 1.2 ciphers. The listed ciphers
are only valid in either --tls-cipher or --tls-ciphersuites, but it's
not clear which is which. This is confusing and not really helpful.

This patch modifies show-tls to show separate lists for TLS 1.2 and
TLS 1.3.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20181010153624.27957-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17723.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl_backend.h')
-rw-r--r-- | src/openvpn/ssl_backend.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index 2ae3bcd..1c244ec 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -517,15 +517,19 @@ int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, void print_details(struct key_state_ssl *ks_ssl, const char *prefix); /* - * Show the TLS ciphers that are available for us to use in the OpenSSL - * library. + * Show the TLS ciphers that are available for us to use in the + * library depending on the TLS version. This function prints + * a list of ciphers without headers/footers. * * @param cipher_list list of allowed TLS cipher, or NULL. * @param tls_cert_profile TLS certificate crypto profile name. + * @param tls13 Select if <=TLS1.2 or TLS1.3+ ciphers + * should be shown */ void -show_available_tls_ciphers(const char *cipher_list, - const char *tls_cert_profile); +show_available_tls_ciphers_list(const char *cipher_list, + const char *tls_cert_profile, + bool tls13); /* * Show the available elliptic curves in the crypto library |
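Review bot: The new `@param tls13` line in the comment above `show_available_tls_ciphers_list()` does not say which value selects which list; "Select if <=TLS1.2 or TLS1.3+ ciphers should be shown" leaves the polarity of the bool to the reader. Spell it out, for example "true: show TLS 1.3 ciphersuites, false: show TLS 1.2 and older ciphers", if that is the intended meaning. The `@param cipher_list` line is also unchanged ("list of allowed TLS cipher, or NULL"), yet the commit message says a given cipher is valid in only one of `--tls-cipher` or `--tls-ciphersuites`, so the comment should state which option's syntax `cipher_list` is expected to carry for each value of `tls13`. Finally, this hunk removes the only declaration of `show_available_tls_ciphers()` from this header, and the diffstat shown here is limited to `ssl_backend.h`, so it is worth confirming that the old name is either declared elsewhere or that every caller has moved to the new three-argument function.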