diff options
author | Iwan Timmer <irtimmer@gmail.com> | 2019-06-17 21:24:05 +0200 |
---|---|---|
committer | Iwan Timmer <iwan.timmer@northwave.nl> | 2019-06-19 13:10:44 +0200 |
commit | 9c0624dcdb86360d5cd5eb8c6093b3cd2e6d281b (patch) | |
tree | c61bb1df73196e94baa0f892feec2b2bca038d55 | |
parent | 4310bfc20b84127e19bed68701caa3820c844682 (diff) | |
download | systemd-9c0624dcdb86360d5cd5eb8c6093b3cd2e6d281b.tar.gz |
resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS
-rw-r--r-- | src/resolve/resolved-dnstls-gnutls.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c index 6eef6117a3..06d635fcc4 100644 --- a/src/resolve/resolved-dnstls-gnutls.c +++ b/src/resolve/resolved-dnstls-gnutls.c @@ -9,6 +9,11 @@ #include "resolved-dns-stream.h" #include "resolved-dnstls.h" +#if GNUTLS_VERSION_NUMBER >= 0x030600 +#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" +#else +#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2" +#endif DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit); static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) { @@ -37,7 +42,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) { return r; /* As DNS-over-TLS is a recent protocol, older TLS versions can be disabled */ - r = gnutls_priority_set_direct(gs, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + r = gnutls_priority_set_direct(gs, PRIORTY_STRING, NULL); if (r < 0) return r; |