Change default min TLS version to TLS 1.0

2025-07-29 11:41:15 +03:00 · 2015-03-31 14:21:11 +02:00
parent d16df8f60a
commit 8c8be1ebbb
10 changed files with 16 additions and 31 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -99,7 +99,7 @@
 #define DFL_RENEGO_DELAY        -2
 #define DFL_RENEGO_PERIOD       -1
 #define DFL_EXCHANGES           1
-#define DFL_MIN_VERSION         SSL_MINOR_VERSION_1
+#define DFL_MIN_VERSION         -1
 #define DFL_MAX_VERSION         -1
 #define DFL_ARC4                -1
 #define DFL_AUTH_MODE           -1
@ -316,8 +316,8 @@
    USAGE_ETM                                               \
    "\n"                                                    \
    "    arc4=%%d             default: (library default: 0)\n" \
-    "    min_version=%%s      default: \"ssl3\"\n"          \
-    "    max_version=%%s      default: \"tls1_2\"\n"        \
+    "    min_version=%%s      default: (library default: tls1)\n"       \
+    "    max_version=%%s      default: (library default: tls1_2)\n"     \
    "    force_version=%%s    default: \"\" (none)\n"       \
    "                        options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
    "\n"                                                                \
@ -1734,17 +1734,17 @@ int main( int argc, char *argv[] )
    }
 #endif

-    if( opt.min_version != -1 )
+    if( opt.min_version != DFL_MIN_VERSION )
    {
        ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
-        if( ret != 0 && opt.min_version != DFL_MIN_VERSION )
+        if( ret != 0 )
        {
            polarssl_printf( " failed\n  ! selected min_version is not available\n" );
            goto exit;
        }
    }

-    if( opt.max_version != -1 )
+    if( opt.max_version != DFL_MIN_VERSION )
    {
        ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
        if( ret != 0 )