Support for TLS 1.3 from OpenSSL 1.1.1

Based on PR #97 from @wmark.
Bruno Silvestre 2018-09-12 19:06:46 -03:00
parent 2ecf239cfe
commit 421c897dd3
3 changed files with 28 additions and 2 deletions


@ -41,6 +41,11 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
lua_pushstring(L, "tlsv1_2"); lua_pushstring(L, "tlsv1_2");
lua_pushboolean(L, 1); lua_pushboolean(L, 1);
lua_rawset(L, -3); lua_rawset(L, -3);
#if defined(TLS1_3_VERSION)
lua_pushstring(L, "tlsv1_3");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3); lua_rawset(L, -3);
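Review bot: The `#if defined(TLS1_3_VERSION)` guard around the new `tlsv1_3` entry tests only the header macro, so the protocols table can report TLS 1.3 as available when the linked OpenSSL was configured with `no-tls1_3`; as far as I know that build defines `OPENSSL_NO_TLS1_3` while still defining `TLS1_3_VERSION`. Consider `#if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)` here and on the matching `tlsv1_3` branch added to `str2method`, so a script that checks this table before requiring TLS 1.3 gets an accurate answer. The entry is also fixed at compile time and cannot reflect a different library loaded at run time, which is worth a one-line comment such as `/* reflects the OpenSSL headers used at build time */`. luaopen_ssl_config starts and ends outside the hunk.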


@ -102,7 +102,13 @@ static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
*vmax = TLS1_2_VERSION; *vmax = TLS1_2_VERSION;
return TLS_method(); return TLS_method();
} }
#if defined(TLS1_3_VERSION)
else if (!strcmp(method, "tlsv1_3")) {
*vmin = TLS1_3_VERSION;
*vmax = TLS1_3_VERSION;
return TLS_method();
}
#endif
return NULL; return NULL;
} }
#endif #endif
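Review bot: The new `tlsv1_3` branch pins both `*vmin` and `*vmax` to `TLS1_3_VERSION`, but nothing in this commit lets the caller choose the TLS 1.3 cipher suites for such a context. OpenSSL 1.1.1 configures those through `SSL_CTX_set_ciphersuites()`, whereas `SSL_CTX_set_cipher_list()` only governs TLS 1.2 and below; the cipher-setting code is not part of this diff, so I am assuming it still uses only the latter. If so, a user who sets a restrictive `ciphers` string together with `protocol = "tlsv1_3"` silently gets the library's default suites instead. Either add a companion setting that calls `SSL_CTX_set_ciphersuites()` or document that the existing cipher string has no effect on TLS 1.3. str2method begins outside the hunk.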


@ -13,7 +13,7 @@
/* If you need to generate these options again, see options.lua */ /* If you need to generate these options again, see options.lua */
/* /*
OpenSSL version: OpenSSL 1.1.0h OpenSSL version: OpenSSL 1.1.1
*/ */
struct ssl_option_s { struct ssl_option_s {
@ -26,6 +26,9 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL) #if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL}, {"all", SSL_OP_ALL},
#endif #endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) #if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION}, {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif #endif
@ -44,6 +47,9 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif #endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA) #if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA}, {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif #endif
@ -71,6 +77,9 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) #if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif #endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
#endif
#if defined(SSL_OP_NO_COMPRESSION) #if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION}, {"no_compression", SSL_OP_NO_COMPRESSION},
#endif #endif
@ -116,12 +125,18 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_NO_TLSv1_2) #if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2}, {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif #endif
#if defined(SSL_OP_NO_TLSv1_3)
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1) #if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1}, {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif #endif
#if defined(SSL_OP_PKCS1_CHECK_2) #if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2}, {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif #endif
#if defined(SSL_OP_PRIORITIZE_CHACHA)
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG) #if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG}, {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif #endif