diff options
| -rw-r--r-- | src/openvpn/options.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 5e8d9dc..1e0284e 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2525,6 +2525,24 @@ options_postprocess_mutate (struct options *o) options_postprocess_http_proxy_override(o); #endif +#ifdef ENABLE_CRYPTOAPI + if (o->cryptoapi_cert) + { + const int tls_version_max = + (o->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & + SSLF_TLS_VERSION_MAX_MASK; + + if (tls_version_max == TLS_VER_UNSPEC || tls_version_max > TLS_VER_1_1) + { + msg(M_WARN, "Warning: cryptapicert used, setting maximum TLS " + "version to 1.1."); + o->ssl_flags &= ~(SSLF_TLS_VERSION_MAX_MASK << + SSLF_TLS_VERSION_MAX_SHIFT); + o->ssl_flags |= (TLS_VER_1_1 << SSLF_TLS_VERSION_MAX_SHIFT); + } + } +#endif /* ENABLE_CRYPTOAPI */ + #if P2MP /* * Save certain parms before modifying options via --pull |