Closed blyxxyz closed 3 years ago
The ubuntu failure seems unrelated to this change. I wonder if they disabled TLS 1.1 in their build? Might be easiest to just enable the vendored
feature in that build setup.
Sounds good. The feature doesn't affect the other platforms, so I've just enabled it unconditionally.
Thanks!
max_protocol_version
set a maximum of one version earlier than it was supposed to.There are two tests that exercise this. I believe they didn't catch it because:
server_tls11_only
sets the samemin_protocol_version
andmax_protocol_version
, which causesschannel
to be configured with no versions at all, which flips it into its default setting (?) which the test also accepts.server_no_shared_protocol
was supposed to fail and still fails if you make it even more restrictive.