On Tue, 19 Aug 2008, Howard Chu wrote:
> guenther@sendmail.com wrote:
>> ...
>> TLS_PROTOCOL_MIN<major>,<minor>
>
> Let's use US convention <major>.<minor>...

Ok.

>> C:
>>     struct ldap_tls_protocol { unsigned char major, minor; } val;
>>     val.major = 3; val.minor = 0;
>>     ldap_set_option(ld, LDAP_OPT_TLS_PROTOCOL_MIN, &val);
>
> I would just use an int, and have the caller OR in the appropriate values.
So:

    /* force TLS 1.0 or later; ldap_set_option() takes the value by pointer */
    int min = (3 << 8) + 1;
    ldap_set_option(ld, LDAP_OPT_TLS_PROTOCOL_MIN, &min);
> You could also define a few macros for the currently known versions.

Preferences on the format of those macros?

    #define LDAP_OPT_X_TLS_PROTOCOL_SSLv2   (2 << 8)
    #define LDAP_OPT_X_TLS_PROTOCOL_SSLv3   (3 << 8)
    #define LDAP_OPT_X_TLS_PROTOCOL_TLSv1_0 ((3 << 8) + 1)
    #define LDAP_OPT_X_TLS_PROTOCOL_TLSv1_1 ((3 << 8) + 2)
    #define LDAP_OPT_X_TLS_PROTOCOL_TLSv1_2 ((3 << 8) + 3)

?

> What are the values for TLS1.1, 1.2, etc?

So far, TLS 1.x == SSL version 3.(x+1).
Philip Guenther
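The (major << 8) + minor encoding agreed on in the thread, worked through as an added example that is not OpenLDAP's code and not part of the original message. The macro names, the name parser, the "0 means no minimum" rule and the post-handshake check are hypothetical for this example; the identifiers OpenLDAP eventually shipped may differ. What the example shows beyond the thread: because the major version sits in the high byte, SSLv2 < SSLv3 < TLS 1.0 < TLS 1.1 < ... falls out of plain integer comparison, which is exactly what a "protocol minimum" check needs, and the TLS 1.x == 3.(x+1) rule can be applied both when parsing configuration and when printing a negotiated version.

```c
#include <stdio.h>
#include <string.h>

/* Encoding from the thread: major version in the high byte, minor in the low
 * byte, so plain integer comparison orders versions correctly. */
#define TLS_PROTO_VER(major, minor) ((((major) & 0xff) << 8) | ((minor) & 0xff))
#define TLS_PROTO_MAJOR(v)          (((v) >> 8) & 0xff)
#define TLS_PROTO_MINOR(v)          ((v) & 0xff)

/* Known versions in the macro shape proposed in the thread (hypothetical
 * names for this example, not the identifiers any library ships). */
#define TLS_PROTO_SSLv2   TLS_PROTO_VER(2, 0)
#define TLS_PROTO_SSLv3   TLS_PROTO_VER(3, 0)
#define TLS_PROTO_TLSv1_0 TLS_PROTO_VER(3, 1)
#define TLS_PROTO_TLSv1_1 TLS_PROTO_VER(3, 2)
#define TLS_PROTO_TLSv1_2 TLS_PROTO_VER(3, 3)

/* TLS 1.x is carried on the wire as SSL version 3.(x+1). */
int tls_proto_from_tls_minor(int x)
{
    return TLS_PROTO_VER(3, x + 1);
}

/* Parse a human-readable name ("SSLv3", "TLSv1.1", "TLS1.2") or a raw
 * "major.minor" pair ("3.1") into the encoded form. Returns -1 on failure. */
int tls_proto_parse(const char *s)
{
    unsigned major, minor;

    if (strcmp(s, "SSLv2") == 0)
        return TLS_PROTO_SSLv2;
    if (strcmp(s, "SSLv3") == 0)
        return TLS_PROTO_SSLv3;
    if (sscanf(s, "TLSv%u.%u", &major, &minor) == 2 ||
        sscanf(s, "TLS%u.%u", &major, &minor) == 2) {
        if (major != 1 || minor > 254)   /* only TLS 1.x has a wire mapping here */
            return -1;
        return tls_proto_from_tls_minor((int)minor);
    }
    if (sscanf(s, "%u.%u", &major, &minor) == 2 && major <= 255 && minor <= 255)
        return TLS_PROTO_VER(major, minor);
    return -1;
}

/* Render an encoded version back to a name; returns buf. */
const char *tls_proto_name(int v, char *buf, size_t len)
{
    int major = TLS_PROTO_MAJOR(v), minor = TLS_PROTO_MINOR(v);

    if (major == 2 && minor == 0)
        snprintf(buf, len, "SSLv2");
    else if (major == 3 && minor == 0)
        snprintf(buf, len, "SSLv3");
    else if (major == 3)
        snprintf(buf, len, "TLSv1.%d", minor - 1);
    else
        snprintf(buf, len, "%d.%d", major, minor);
    return buf;
}

/* The check a library would apply after the handshake: the negotiated
 * version is acceptable iff it is >= the configured minimum. A minimum of 0
 * means "no restriction" (an assumption made for this example). */
int tls_proto_meets_min(int negotiated, int minimum)
{
    return minimum == 0 || negotiated >= minimum;
}

int main(void)
{
    char buf[16];
    int min = TLS_PROTO_TLSv1_0;   /* "force TLS 1.0 or later" */
    const int seen[] = { TLS_PROTO_SSLv2, TLS_PROTO_SSLv3,
                         TLS_PROTO_TLSv1_0, TLS_PROTO_TLSv1_2 };
    size_t i;

    for (i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("%-8s (0x%04x): %s\n", tls_proto_name(seen[i], buf, sizeof buf),
               seen[i], tls_proto_meets_min(seen[i], min) ? "accept" : "reject");
    return 0;
}
```

One caveat the encoding makes easy to forget: the comparison is only meaningful if every caller builds values with the same (major << 8) | minor layout; a caller that passes a bare "1" for TLS 1.0 gets a minimum below SSLv2 and silently disables the check, which is why the example routes configuration strings through tls_proto_parse() rather than letting them be interpreted as integers directly.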