SSL options: allow to select TLSv1.3 only

Issue #652 resolved
Codarren Velvindron created an issue

I've been playing with the OpenSSL TLS 1.3 branch, which is compliant with draft-18. I will update the patch when TLS 1.3 is finalised.

Comments (3)

  1. Tildeslash repo owner

    Thank you for the initial patch, added to Monit.

    Note that Monit would work with TLSv1.3 automatically even without this patch, as the default mode is version autoselect (will use TLSv1.3 automatically when supported on both server and client side).

    This patch allows overriding the version to always be TLSv1.3. Use with caution, as such a setting requires support on both the client and the server side and will be problematic until TLSv1.3 is supported by a major part of the SSL/TLS infrastructure.

    The patch was missing several critical parts (I have fixed them as part of the check-in):

    1. it didn't try to detect TLSv1.3 support in configure.ac
    2. the TLSv1.3 token was missing in l.l, so the configuration will throw an error if tlsv1.3 is used
    3. buffer overflow: the tlsv13 protocol name was missing in monit.c
    4. documentation was missing in monit.pod
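
An added example, not part of the thread and not Monit's code: one way to keep a protocol-name table in step with the version enum, so that a new version without a name fails the build instead of being read past the end of the table, plus a simplified model of autoselect versus a pinned version. The enum, the token spellings and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical enum and token spellings (assumptions, not Monit's source). */
typedef enum {
    VER_AUTO = 0, VER_TLSV1, VER_TLSV11, VER_TLSV12, VER_TLSV13,
    VER_COUNT                 /* keep last: number of selectable versions */
} tls_version_t;

/* Designated initializers bind each name to its enum value. */
static const char *const version_names[] = {
    [VER_AUTO]   = "auto",
    [VER_TLSV1]  = "tlsv1",
    [VER_TLSV11] = "tlsv11",
    [VER_TLSV12] = "tlsv12",
    [VER_TLSV13] = "tlsv13",
};

/* Appending a version to the enum without naming it here breaks the build. */
_Static_assert(sizeof version_names / sizeof version_names[0] == VER_COUNT,
               "version_names[] is out of sync with tls_version_t");

/* Bounds-checked lookup: never indexes past the table, never returns NULL. */
const char *version_name(int v) {
    if (v < 0 || v >= VER_COUNT || version_names[v] == NULL)
        return "unknown";
    return version_names[v];
}

/* Configuration token -> version, or -1 so the parser can reject it. */
int version_from_token(const char *tok) {
    for (int i = 0; i < VER_COUNT; i++)
        if (version_names[i] && strcmp(tok, version_names[i]) == 0)
            return i;
    return -1;
}

/* Simplified model: the peer accepts every version from tlsv1 up to peer_max.
 * "auto" settles on the peer's best; a pinned version matches or fails (-1). */
int negotiate(tls_version_t configured, tls_version_t peer_max) {
    if (configured == VER_AUTO)
        return peer_max;
    return configured <= peer_max ? (int)configured : -1;
}

int main(void) {
    printf("%d %d\n", negotiate(VER_AUTO, VER_TLSV12), negotiate(VER_TLSV13, VER_TLSV12));
    return 0;
}
```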
