libtls: Reduce default max version to 1.2
Using TLS 1.3 with various EAP methods is not yet fully standardized, so we don't enable it by default yet.
parent
663969ddf7
commit
92aef122c3
|
@ -476,7 +476,7 @@ charon.tls.suites
|
|||
charon.tls.version_min = 1.0
|
||||
Minimum TLS version to negotiate.
|
||||
|
||||
charon.tls.version_max = 1.3
|
||||
charon.tls.version_max = 1.2
|
||||
Maximum TLS version to negotiate.
|
||||
|
||||
charon.user
|
||||
|
|
|
@ -468,8 +468,8 @@ static void determine_versions(private_tls_t *this)
|
|||
}
|
||||
}
|
||||
if (this->version_max == TLS_UNSPEC)
|
||||
{
|
||||
this->version_max = TLS_SUPPORTED_MAX;
|
||||
{ /* default to TLS 1.2 until 1.3 is stable for use in EAP */
|
||||
this->version_max = TLS_1_2;
|
||||
|
||||
version_str = lib->settings->get_str(lib->settings, "%s.tls.version_max",
|
||||
NULL, lib->ns);
|
||||
|
|
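Review bot: In determine_versions() the new default `this->version_max = TLS_1_2;` is set before the configured `%s.tls.version_max` is read, so a setup that only sets `charon.tls.version_min = 1.3` now starts with a maximum below its configured minimum. How that conflict is resolved is outside this hunk (the function continues past the `get_str()` call); if the minimum is lowered to fit, the operator's configured floor would be weakened without notice, so that path should log the adjustment or reject the configuration. The comment could also say how to opt in, e.g. `/* default to TLS 1.2 until 1.3 is stable for use in EAP; set charon.tls.version_max = 1.3 to enable it */`, with the same hint in the option description.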