libtls: Reduce default max version to 1.2

Using TLS 1.3 with various EAP methods is not yet fully standardized, so we
don't enable it by default yet.
Tobias Brunner 2021-01-13 15:26:33 +01:00
parent 663969ddf7
commit 92aef122c3
2 changed files with 3 additions and 3 deletions


@ -476,7 +476,7 @@ charon.tls.suites
charon.tls.version_min = 1.0
Minimum TLS version to negotiate.
charon.tls.version_max = 1.3
charon.tls.version_max = 1.2
Maximum TLS version to negotiate.
charon.user
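Review bot: The description under `charon.tls.version_max` still reads only `Maximum TLS version to negotiate.`, so once the default drops to 1.2 an operator cannot tell from the option text why 1.3 is off or that it can apparently still be selected explicitly. I would extend the description with something like `TLS 1.3 is supported but not enabled by default, as its use with EAP methods is not yet fully standardized.` The C hunk in this commit carries that rationale in a code comment, but the option text is presumably what reaches user-facing documentation. Together with the unchanged `charon.tls.version_min = 1.0` context line, the default negotiated range becomes 1.0 to 1.2, which deployments without legacy peers may want to narrow explicitly.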


@ -468,8 +468,8 @@ static void determine_versions(private_tls_t *this)
}
}
if (this->version_max == TLS_UNSPEC)
{
this->version_max = TLS_SUPPORTED_MAX;
{ /* default to TLS 1.2 until 1.3 is stable for use in EAP */
this->version_max = TLS_1_2;
version_str = lib->settings->get_str(lib->settings, "%s.tls.version_max",
NULL, lib->ns);