SSL options: allow to select TLSv1.3 only

Issue #652 resolved
Codarren Velvindron created an issue

I've been playing with OpenSSL TLS 1.3 branch, which is compliant to draft-18. I will update the patch when tls 1.3 will be finalised.

Comments (3)

  1. Tildeslash repo owner

    Thank you for initial patch, added to monit.

    Note that Monit would work with TLSv1.3 automatically even without this patch, as the default mode is version autoselect (will use TLSv1.3 automatically when supported on both server and client side).

    This patch allows to override the version to be always TLSv1.3 - use with caution as such setting would require support both on client and server part and will be problematic until TLSv1.3 will get support on major part of SSL/TLS infrastructure.

    The patch was missing several critical parts (have fixed as part of the checkin): 1. didn't try detect TLSv1.3 support in 2. the TLSv1.3 token was missing in l.l so the the configuration will throw error if tlsv1.3 is used 3. buffer overflow: tlsv13 protocol name was missing in monit.c 4. documentation missing in monit.pod

  2. Log in to comment