Update iaccepted flags for tls-options option of TlsPort cfg parameter

This is to support flags offered by latest openssl-1.1.1. The most important flag is the SSL_OP_NO_TLSv1_3. For more available option please see the see the SSL_set_options documentation: # man SSL_set_options
c-icap · Jul 31, 2020 · 33cbad4 · 33cbad4
1 parent 63bc2a3
commit 33cbad4
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/c-icap.conf.in b/c-icap.conf.in
@@ -159,9 +159,9 @@ Port 1344
 #		openSSL manual for supported ciphers.
 #	tls-options
 #		Sets various options:
-#		SSL_OP_NO_SSLv2  disable the use of SSLv2
 #		SSL_OP_NO_SSLv3  disable the use of SSLv3
 #		SSL_OP_NO_TLSv1  disable the use of TLSv1
+#		SSL_OP_NO_TLSv1_3 disable the use of TLSv1.3
 #		SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2
 #		SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1
 #		SSL_OP_NO_TICKET  disable the use of RFC5077 session tickets

diff --git a/openssl/openssl_options.c b/openssl/openssl_options.c
@@ -1,5 +1,5 @@
 /*
-  Autogenerated file, build_openssl_opts.pl, Tue Oct  2 12:53:42 2018
+  Autogenerated file, build_openssl_opts.pl, Thu Jul 30 17:11:05 2020
 */
 
 struct {
@@ -63,6 +63,15 @@ struct {
 #if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
     {"SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
 #endif
+#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
+    {"SSL_OP_NO_ENCRYPT_THEN_MAC", SSL_OP_NO_ENCRYPT_THEN_MAC},
+#endif
+#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
+    {"SSL_OP_ENABLE_MIDDLEBOX_COMPAT", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
+#endif
+#if defined(SSL_OP_PRIORITIZE_CHACHA)
+    {"SSL_OP_PRIORITIZE_CHACHA", SSL_OP_PRIORITIZE_CHACHA},
+#endif
 #if defined(SSL_OP_SINGLE_ECDH_USE)
     {"SSL_OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE},
 #endif
@@ -75,6 +84,9 @@ struct {
 #if defined(SSL_OP_TLS_ROLLBACK_BUG)
     {"SSL_OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG},
 #endif
+#if defined(SSL_OP_NO_ANTI_REPLAY)
+    {"SSL_OP_NO_ANTI_REPLAY", SSL_OP_NO_ANTI_REPLAY},
+#endif
 #if defined(SSL_OP_NO_SSLv2)
     {"SSL_OP_NO_SSLv2", SSL_OP_NO_SSLv2},
 #endif
@@ -90,6 +102,9 @@ struct {
 #if defined(SSL_OP_NO_TLSv1_1)
     {"SSL_OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1},
 #endif
+#if defined(SSL_OP_NO_TLSv1_3)
+    {"SSL_OP_NO_TLSv1_3", SSL_OP_NO_TLSv1_3},
+#endif
 #if defined(SSL_OP_NO_DTLSv1)
     {"SSL_OP_NO_DTLSv1", SSL_OP_NO_DTLSv1},
 #endif
@@ -102,6 +117,9 @@ struct {
 #if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
     {"SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
 #endif
+#if defined(SSL_OP_NO_RENEGOTIATION)
+    {"SSL_OP_NO_RENEGOTIATION", SSL_OP_NO_RENEGOTIATION},
+#endif
 #if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
     {"SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
 #endif