Closed grahamedgecombe closed 7 years ago
I've started looking at implementing this.
Looks like the first thing to do is to replace SSL_CTX_add_server_custom_ext with SSL_CTX_add_custom_ext on OpenSSL >= 1.1.1. This will allow us to drop the SSL_EXT_TLS1_2_AND_BELOW_ONLY flag.
SSL_CTX_add_server_custom_ext
SSL_CTX_add_custom_ext
SSL_EXT_TLS1_2_AND_BELOW_ONLY
Done in 8b533971f7450639879f382e5fc9ea61eba009db
I've started looking at implementing this.
Looks like the first thing to do is to replace
SSL_CTX_add_server_custom_ext
withSSL_CTX_add_custom_ext
on OpenSSL >= 1.1.1. This will allow us to drop theSSL_EXT_TLS1_2_AND_BELOW_ONLY
flag.