1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS

This commit is contained in:
Iwan Timmer 2019-06-17 21:24:05 +02:00 committed by Iwan Timmer
parent 4310bfc20b
commit 9c0624dcdb

View File

@ -9,6 +9,11 @@
#include "resolved-dns-stream.h"
#include "resolved-dnstls.h"
#if GNUTLS_VERSION_NUMBER >= 0x030600
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3"
#else
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2"
#endif
DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
@ -37,7 +42,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
return r;
/* As DNS-over-TLS is a recent protocol, older TLS versions can be disabled */
r = gnutls_priority_set_direct(gs, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
r = gnutls_priority_set_direct(gs, PRIORTY_STRING, NULL);
if (r < 0)
return r;