tls-crypto: Only log modified TLS versions if successfully set

If no cipher suites are available, the new versions are the previous
values but reversed (i.e. the versions were not changed but we still
ended up with a log message saying "TLS min/max TLS 1.3/TLS 1.0 ...").

Also switched to using the numeric version names to avoid the repeated
"TLS" prefix.
Tobias Brunner 2021-01-14 15:11:13 +01:00
parent 92aef122c3
commit 8cf3998f1a
1 changed files with 4 additions and 4 deletions


@ -1222,12 +1222,12 @@ static void build_cipher_suite_list(private_tls_crypto_t *this)
new_max_version = min(new_max_version, max_version);
new_min_version = max(new_min_version, min_version);
if (min_version != new_min_version || max_version != new_max_version)
if ((min_version != new_min_version || max_version != new_max_version) &&
this->tls->set_version(this->tls, new_min_version, new_max_version))
{
this->tls->set_version(this->tls, new_min_version, new_max_version);
DBG2(DBG_TLS, "TLS min/max %N/%N according to the cipher suites",
tls_version_names, new_min_version,
tls_version_names, new_max_version);
tls_numeric_version_names, new_min_version,
tls_numeric_version_names, new_max_version);
}
}
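Review bot: A failed `set_version()` is now silent in the new two-line condition, so when the call returns false nothing here records that the version range could not be aligned with the cipher suites, and the previously configured min/max presumably stays in effect. The commit message names the empty-suite case as the cause; whether `set_version()` can fail for other reasons is not visible on this page. A short comment above the `if` would document the intent, e.g. `/* set_version() is called for its side effect; on failure the configured range is kept */`, and a separate debug line on the failure path (one that does not print the reversed values) would help when diagnosing a handshake that later fails for lack of suites. `build_cipher_suite_list()` begins outside this hunk, so any earlier handling of an empty suite list is not shown.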