DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-05 02:15:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

nts: disable TLS version 1.2

Browse Source 
Require TLS version 1.3 or later as specified in the latest NTS draft.
This commit is contained in:
Miroslav Lichvar
2020-03-26 15:18:08 +01:00
parent 66dc2b6d6b
commit eedabb3d27
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
nts_ke_session.c
View File

@@ -551,8 +551,9 @@ init_gnutls(void)
if (r < 0)
LOG_FATAL("Could not initialise %s : %s", "gnutls", gnutls_strerror(r));
/* NTS specification requires TLS1.2 or later */
r = gnutls_priority_init2(&priority_cache, "-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1",
/* NTS specification requires TLS1.3 or later */
r = gnutls_priority_init2(&priority_cache,
"-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2",
NULL, GNUTLS_PRIORITY_INIT_DEF_APPEND);
if (r < 0)
LOG_FATAL("Could not initialise %s : %s", "priority cache", gnutls_strerror(r));