version 1.34, 2020/05/10 16:55:28 |
version 1.35, 2020/05/13 10:18:03 |
|
|
BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); |
BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); |
BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n"); |
BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n"); |
BIO_printf(bio_err, " -quiet - Inhibit printing of session and certificate information\n"); |
BIO_printf(bio_err, " -quiet - Inhibit printing of session and certificate information\n"); |
|
BIO_printf(bio_err, " -tls1_3 - Just talk TLSv1.3\n"); |
BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n"); |
BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n"); |
BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n"); |
BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n"); |
BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n"); |
BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n"); |
|
|
BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n"); |
BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n"); |
BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n"); |
BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n"); |
BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n"); |
BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n"); |
|
BIO_printf(bio_err, " -no_tls1_3 - Just disable TLSv1.3\n"); |
#ifndef OPENSSL_NO_DH |
#ifndef OPENSSL_NO_DH |
BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n"); |
BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n"); |
#endif |
#endif |
|
|
const char *alpn_in = NULL; |
const char *alpn_in = NULL; |
const char *groups_in = NULL; |
const char *groups_in = NULL; |
tlsextalpnctx alpn_ctx = { NULL, 0 }; |
tlsextalpnctx alpn_ctx = { NULL, 0 }; |
|
uint16_t min_version = 0, max_version = 0; |
|
|
if (single_execution) { |
if (single_execution) { |
if (pledge("stdio rpath inet dns tty", NULL) == -1) { |
if (pledge("stdio rpath inet dns tty", NULL) == -1) { |
|
|
} |
} |
} |
} |
|
|
meth = SSLv23_server_method(); |
meth = TLS_server_method(); |
|
|
local_argc = argc; |
local_argc = argc; |
local_argv = argv; |
local_argv = argv; |
|
|
off |= SSL_OP_NO_TLSv1_1; |
off |= SSL_OP_NO_TLSv1_1; |
} else if (strcmp(*argv, "-no_tls1_2") == 0) { |
} else if (strcmp(*argv, "-no_tls1_2") == 0) { |
off |= SSL_OP_NO_TLSv1_2; |
off |= SSL_OP_NO_TLSv1_2; |
|
} else if (strcmp(*argv, "-no_tls1_3") == 0) { |
|
off |= SSL_OP_NO_TLSv1_3; |
} else if (strcmp(*argv, "-no_comp") == 0) { |
} else if (strcmp(*argv, "-no_comp") == 0) { |
off |= SSL_OP_NO_COMPRESSION; |
off |= SSL_OP_NO_COMPRESSION; |
} else if (strcmp(*argv, "-no_ticket") == 0) { |
} else if (strcmp(*argv, "-no_ticket") == 0) { |
off |= SSL_OP_NO_TICKET; |
off |= SSL_OP_NO_TICKET; |
} else if (strcmp(*argv, "-tls1") == 0) { |
} else if (strcmp(*argv, "-tls1") == 0) { |
meth = TLSv1_server_method(); |
min_version = TLS1_VERSION; |
|
max_version = TLS1_VERSION; |
} else if (strcmp(*argv, "-tls1_1") == 0) { |
} else if (strcmp(*argv, "-tls1_1") == 0) { |
meth = TLSv1_1_server_method(); |
min_version = TLS1_1_VERSION; |
|
max_version = TLS1_1_VERSION; |
} else if (strcmp(*argv, "-tls1_2") == 0) { |
} else if (strcmp(*argv, "-tls1_2") == 0) { |
meth = TLSv1_2_server_method(); |
min_version = TLS1_2_VERSION; |
|
max_version = TLS1_2_VERSION; |
|
} else if (strcmp(*argv, "-tls1_3") == 0) { |
|
min_version = TLS1_3_VERSION; |
|
max_version = TLS1_3_VERSION; |
} |
} |
#ifndef OPENSSL_NO_DTLS1 |
#ifndef OPENSSL_NO_DTLS1 |
else if (strcmp(*argv, "-dtls1") == 0) { |
else if (strcmp(*argv, "-dtls1") == 0) { |
meth = DTLSv1_server_method(); |
meth = DTLS_server_method(); |
socket_type = SOCK_DGRAM; |
socket_type = SOCK_DGRAM; |
} else if (strcmp(*argv, "-timeout") == 0) |
} else if (strcmp(*argv, "-timeout") == 0) |
enable_timeouts = 1; |
enable_timeouts = 1; |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
|
|
|
if (!SSL_CTX_set_min_proto_version(ctx, min_version)) |
|
goto end; |
|
if (!SSL_CTX_set_max_proto_version(ctx, max_version)) |
|
goto end; |
|
|
if (session_id_prefix) { |
if (session_id_prefix) { |
if (strlen(session_id_prefix) >= 32) |
if (strlen(session_id_prefix) >= 32) |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
|
|
|
if (!SSL_CTX_set_min_proto_version(ctx2, min_version)) |
|
goto end; |
|
if (!SSL_CTX_set_max_proto_version(ctx2, max_version)) |
|
goto end; |
} |
} |
if (ctx2) { |
if (ctx2) { |
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); |
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); |
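Review bot: The four new checks on `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()` (for `ctx` and again for `ctx2`) jump to `end` without writing anything to `bio_err`, unlike the neighbouring failure paths that call `ERR_print_errors(bio_err)` before `goto end`. An operator who pins a protocol version that the build or the selected method rejects would see the server exit with no indication of which option was refused. I would brace each check and report before the jump, e.g. `BIO_printf(bio_err, "Unable to set protocol version range\n"); ERR_print_errors(bio_err);`. Whether the `-tls1*` pins can conflict with `-dtls1`, which now selects `DTLS_server_method()`, cannot be told from the visible lines and is worth confirming. The enclosing function begins and ends outside this section.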