mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS
parent
4310bfc20b
commit
9c0624dcdb
@ -9,6 +9,11 @@
|
||||
#include "resolved-dns-stream.h"
|
||||
#include "resolved-dnstls.h"
|
||||
|
||||
#if GNUTLS_VERSION_NUMBER >= 0x030600
|
||||
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3"
|
||||
#else
|
||||
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2"
|
||||
#endif
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
|
||||
|
||||
static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
|
||||
@ -37,7 +42,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
|
||||
return r;
|
||||
|
||||
/* As DNS-over-TLS is a recent protocol, older TLS versions can be disabled */
|
||||
r = gnutls_priority_set_direct(gs, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
|
||||
r = gnutls_priority_set_direct(gs, PRIORTY_STRING, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
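Review bot: The `#if GNUTLS_VERSION_NUMBER >= 0x030600` gate in the first hunk is evaluated against the build-time headers, so the `+VERS-TLS1.3` string passed to `gnutls_priority_set_direct()` in the second hunk is never checked against the library actually loaded; an older GnuTLS at run time would presumably reject the unknown keyword, and the `if (r < 0) return r;` path would then fail every DNS-over-TLS connection instead of negotiating TLS 1.2. That failure is closed, which is the safe direction, but it deserves a comment above the macro such as `/* +VERS-TLS1.3 requires GnuTLS >= 3.6.0 at run time as well; an older library rejects the whole priority string */`, or a `gnutls_check_version("3.6.0")` test before the string is chosen. The macro name is also misspelled: `PRIORTY_STRING` should be `PRIORITY_STRING` at both definitions and at the call site. dnstls_stream_connect_tls() starts and ends outside the hunk, so how callers treat the returned error is not visible here.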