Make minimum DTLS version configurable #156

algesten · 2023-04-18T07:52:12Z

By default we should disallow DTLS 1.0. To do this we need a PR to land in rust-openssl crate: sfackler/rust-openssl#1886

The man page in openssl: https://www.openssl.org/docs/man3.1/man3/DTLSv1_2_method.html - tells us DTLSv1_2_method is deprecated. The way to limit the DTLS version (or TLS for that matter), is to use SSL_CTX_set_min_proto_version. In the Rust wrapper of openssl this corresponds to https://docs.rs/openssl/0.10.50/openssl/ssl/struct.SslContextBuilder.html#method.set_min_proto_version however SslVersion constant lacks the values we need: https://docs.rs/openssl/0.10.50/openssl/ssl/struct.SslVersion.html

The text was updated successfully, but these errors were encountered:

xnorpx · 2023-06-15T04:54:05Z

Should be released now?

xnorpx · 2023-08-24T18:41:44Z

@algesten could this be closed now?

algesten · 2023-08-24T18:42:39Z

It's not configurable yet. We do lock it down however.

algesten · 2023-12-09T04:40:38Z

Let's continue this in #326

algesten closed this as not planned Won't fix, can't repro, duplicate, stale Dec 9, 2023

Provide feedback