Teach bssl server about -max-version and -min-version.
Change-Id: Ifbfae883638b35bb274f2002bc53fbba77c7aa85
Reviewed-on: https://boringssl-review.googlesource.com/8821
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/tool/server.cc b/tool/server.cc
index 14f37a4..e0aeb13 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -31,6 +31,14 @@
"An OpenSSL-style cipher suite string that configures the offered ciphers",
},
{
+ "-max-version", kOptionalArgument,
+ "The maximum acceptable protocol version",
+ },
+ {
+ "-min-version", kOptionalArgument,
+ "The minimum acceptable protocol version",
+ },
+ {
"-key", kOptionalArgument,
"Private-key file to use (default is server.pem)",
},
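Review bot: The help strings added for `-max-version` and `-min-version` do not say which version names are accepted or what applies when the flag is omitted, so someone using `-min-version` to pin a protocol floor on a test server has to read the source to find the right spelling. The parsing code in the later hunk only prints `Unknown protocol version` for a bad value, which does not list the valid names either. I would extend the text, for example `"The minimum acceptable protocol version (one of: <names accepted by VersionFromString>)"`, and do the same for the maximum. The option table starts and ends outside this hunk.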
@@ -118,6 +126,26 @@
return false;
}
+ if (args_map.count("-max-version") != 0) {
+ uint16_t version;
+ if (!VersionFromString(&version, args_map["-max-version"])) {
+ fprintf(stderr, "Unknown protocol version: '%s'\n",
+ args_map["-max-version"].c_str());
+ return false;
+ }
+ SSL_CTX_set_max_version(ctx, version);
+ }
+
+ if (args_map.count("-min-version") != 0) {
+ uint16_t version;
+ if (!VersionFromString(&version, args_map["-min-version"])) {
+ fprintf(stderr, "Unknown protocol version: '%s'\n",
+ args_map["-min-version"].c_str());
+ return false;
+ }
+ SSL_CTX_set_min_version(ctx, version);
+ }
+
if (args_map.count("-ocsp-response") != 0 &&
!LoadOCSPResponse(ctx, args_map["-ocsp-response"].c_str())) {
fprintf(stderr, "Failed to load OCSP response: %s\n", args_map["-ocsp-response"].c_str());