aboutsummaryrefslogtreecommitdiff
path: root/src/include/common/openssl.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/common/openssl.h')
-rw-r--r--src/include/common/openssl.h23
1 files changed, 22 insertions, 1 deletions
diff --git a/src/include/common/openssl.h b/src/include/common/openssl.h
index 47fa1299945..9d1c681d9f8 100644
--- a/src/include/common/openssl.h
+++ b/src/include/common/openssl.h
@@ -17,12 +17,33 @@
#ifdef USE_OPENSSL
#include <openssl/ssl.h>
+/*
+ * OpenSSL doesn't provide any very nice way to identify the min/max
+ * protocol versions the library supports, so we fake it as best we can.
+ * Note in particular that this doesn't account for restrictions that
+ * might be specified in the installation's openssl.cnf.
+ *
+ * We disable SSLv3 and older in library setup, so TLSv1 is the oldest
+ * protocol version of interest.
+ */
+#define MIN_OPENSSL_TLS_VERSION "TLSv1"
+
+#if defined(TLS1_3_VERSION)
+#define MAX_OPENSSL_TLS_VERSION "TLSv1.3"
+#elif defined(TLS1_2_VERSION)
+#define MAX_OPENSSL_TLS_VERSION "TLSv1.2"
+#elif defined(TLS1_1_VERSION)
+#define MAX_OPENSSL_TLS_VERSION "TLSv1.1"
+#else
+#define MAX_OPENSSL_TLS_VERSION "TLSv1"
+#endif
+
/* src/common/protocol_openssl.c */
#ifndef SSL_CTX_set_min_proto_version
extern int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
extern int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
#endif
-#endif
+#endif /* USE_OPENSSL */
#endif /* COMMON_OPENSSL_H */
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 19:07:49 +0000