> Could you hook up the check to SSL_CTX_set_min_proto_version() and return an error code when level and security policy don't match? It's a modern setter, so it can return 0 on error.
That is interesting proposal.
However, need to be careful as to potentially not break configs, i.e. if they specify min_protocol_level first, then lower the security level.
> Could you hook up the check to SSL_CTX_ set_min_ proto_version( ) and return an error code when level and security policy don't match? It's a modern setter, so it can return 0 on error.
That is interesting proposal.
However, need to be careful as to potentially not break configs, i.e. if they specify min_protocol_level first, then lower the security level.