diff --git a/src/internal.c b/src/internal.c
index 5d6a8fe3a..76618b59f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5720,6 +5720,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 ssl->version = ctx->method->version;
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 ssl->options.mask = ctx->mask;
+ ssl->options.minProto = ctx->minProto;
+ ssl->options.maxProto = ctx->maxProto;
 #endif
 #ifdef OPENSSL_EXTRA
 #ifdef WOLFSSL_TLS13
diff --git a/src/ssl.c b/src/ssl.c
index ef79b1ba1..6adfae966 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16968,7 +16968,7 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
 }
 if (version != 0) {
 proto = version;
- wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_MIN_PROTO);
+ ctx->minProto = 0; /* turn min proto flag off */
 for (i = 0; i < tblSz; i++) {
 if (verTbl[i] == version) {
 break;
@@ -16981,7 +16981,7 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
 ret = Set_CTX_min_proto_version(ctx, verTbl[i]);
 if (ret == WOLFSSL_SUCCESS) {
 proto = verTbl[i];
- wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_MIN_PROTO);
+ ctx->minProto = 1; /* turn min proto flag on */
 break;
 }
 }
@@ -17097,7 +17097,7 @@ int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
 WOLFSSL_OP_NO_TLSv1_2 | WOLFSSL_OP_NO_TLSv1_3);
 wolfSSL_CTX_set_min_proto_version(ctx, minProto);
 if (version != 0) {
- wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_MAX_PROTO);
+ ctx->maxProto = 0; /* turn max proto flag off */
 return Set_CTX_max_proto_version(ctx, version);
 }
@@ -17105,7 +17105,7 @@ int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
 for (i= 0; i < tblSz; i++) {
 ret = Set_CTX_max_proto_version(ctx, verTbl[i]);
 if (ret == WOLFSSL_SUCCESS) {
- wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_MAX_PROTO);
+ ctx->maxProto = 1; /* turn max proto flag on */
 break;
 }
 }
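Review bot: The two new assignments in SetSSL_CTX sit under `#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)`, while the matching Options fields in wolfssl/internal.h are declared under a guard that also lists HAVE_WEBSERVER, so a HAVE_WEBSERVER-only build has `ssl->options.minProto` and `ssl->options.maxProto` that are never copied from the context. That mirrors how `mask` is already handled, but nothing in this diff reads the per-connection copies, so a short comment would help, for example `/* carry the "version 0 requested" flags so the SSL object reports the same bounds as its CTX */`. If no SSL-level code consumes them yet, the comment should say so. SetSSL_CTX's body starts and ends outside the hunk.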
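Review bot: In wolfSSL_CTX_set_min_proto_version the flag is cleared with `ctx->minProto = 0;` before the lookup loop has confirmed that `version` is in `verTbl`, and in the first wolfSSL_CTX_set_max_proto_version hunk `ctx->maxProto = 0;` runs before `Set_CTX_max_proto_version(ctx, version)` has succeeded. A rejected version therefore still changes what the getters report, and these bounds decide how old a protocol a peer is allowed to negotiate. For the max case the flag could be cleared only on success: `ret = Set_CTX_max_proto_version(ctx, version);` `if (ret == WOLFSSL_SUCCESS) ctx->maxProto = 0;` `return ret;`. The failure path of the min function is outside the hunk, so the same reordering there needs checking against the full body.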
@@ -17342,7 +17342,7 @@ WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx)
 WOLFSSL_ENTER("wolfSSL_CTX_get_min_proto_version");
 if (ctx != NULL) {
- if (wolfSSL_CTX_get_options(ctx) & WOLFSSL_OP_MIN_PROTO) {
+ if (ctx->minProto) {
 ret = 0;
 }
 else {
@@ -17400,7 +17400,7 @@ int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx)
 options = wolfSSL_CTX_get_options(ctx);
 }
- if (options & WOLFSSL_OP_MAX_PROTO) {
+ if (ctx->maxProto) {
 ret = 0;
 }
 else {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 60ff15ab2..7f3242db2 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2885,6 +2885,8 @@ struct WOLFSSL_CTX {
 short minEccKeySz; /* minimum ECC key size */
 #endif
 unsigned long mask; /* store SSL_OP_ flags */
+ word16 minProto:1; /* sets min to min available */
+ word16 maxProto:1; /* sets max to max available */
 #ifdef OPENSSL_EXTRA
 byte sessionCtx[ID_LEN]; /* app session context ID */
 word32 disabledCurves; /* curves disabled by user */
@@ -3566,6 +3568,8 @@ typedef struct Options {
 #endif /* NO_PSK */
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
 unsigned long mask; /* store SSL_OP_ flags */
+ word16 minProto:1; /* sets min to min available */
+ word16 maxProto:1; /* sets max to max available */
 #endif
 /* on/off or small bit flags, optimize layout */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 498e1130b..6790ff658 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1955,8 +1955,6 @@ enum {
 SSL_OP_NO_COMPRESSION = 0x10000000,
 WOLFSSL_OP_NO_TLSv1_3 = 0x20000000,
 WOLFSSL_OP_NO_SSLv2 = 0x40000000,
- WOLFSSL_OP_MAX_PROTO = 0x80000000,
- WOLFSSL_OP_MIN_PROTO = 0x100000000,
 SSL_OP_ALL = (SSL_OP_MICROSOFT_SESS_ID_BUG | SSL_OP_NETSCAPE_CHALLENGE_BUG
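Review bot: `if (ctx->maxProto) {` in wolfSSL_CTX_get_max_proto_version dereferences `ctx` after the block that reads `options` has already closed. If that block is the `ctx != NULL` guard, as the closing brace just above suggests, a NULL context now crashes here, where the old `options & WOLFSSL_OP_MAX_PROTO` test was harmless. The min getter keeps its test inside `if (ctx != NULL) {`, so the two getters are inconsistent. Suggest `if (ctx != NULL && ctx->maxProto) {`. The start of the function is outside the hunk, so confirm whether an earlier return already rejects NULL.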
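Review bot: The comments on the new bit-fields in struct WOLFSSL_CTX and in Options (`/* sets min to min available */`, `/* sets max to max available */`) read as if the field holds a version, whereas src/ssl.c sets it to 1 only on the version-0 path and the getters return 0 when it is set. Wording such as `/* 1: min version was requested as 0 (lowest available) */` and `/* 1: max version was requested as 0 (highest available) */` would say what the flag records. In Options the pair is declared just before the section commented `/* on/off or small bit flags, optimize layout */`; placing it inside that run of bit-fields would avoid a separate storage unit, provided the same build guard can be kept there. Both structs continue outside the hunks.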