Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

如果设置了 TLS min/max protocol version, 进行 NTLS 握手会报 unsupported protocol 错误 #513

Closed
timonwong opened this issue Nov 1, 2023 · 0 comments · Fixed by #526
Closed

如果设置了 TLS min/max protocol version, 进行 NTLS 握手会报 unsupported protocol 错误 #513

timonwong opened this issue Nov 1, 2023 · 0 comments · Fixed by #526
Assignees
@dongbeiouba
Labels
branch-8.3 branch-8.4 bug Something isn't working master

Comments

@timonwong
Copy link

timonwong commented Nov 1, 2023
edited
Loading

Tongsuo 版本 8.3.3

如果一个 server 同时支持国际 TLS 和 NTLS,然后设置了 min/max protocol version:

SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);

那么当进行 NTLS 握手的时候,就会报 tls_early_post_process_client_hello:unsupported protocol 这个错误,原因应该是 ssl_choose_server_version_ntls 使用了 TLS 的版本检查。而且 TLS 的版本大于 NTLS 的,因此只要设置了 TLS version check,那么 NTLS 就不能通过

#310 (comment) 可以的话希望 TLS 和 NTLS 能分别设置
@timonwong timonwong changed the title 如果设置了 TLS protocol version, 进行 NTLS 握手会报 unsupported protocol 错误 如果设置了 TLS min/max protocol version, 进行 NTLS 握手会报 unsupported protocol 错误 Nov 2, 2023
@dongbeiouba dongbeiouba self-assigned this Nov 27, 2023
@dongbeiouba dongbeiouba mentioned this issue Nov 28, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dongbeiouba dongbeiouba

Labels
branch-8.3 branch-8.4 bug Something isn't working master
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix NTLS failed when set min and max version for TLS
2 participants
@timonwong @dongbeiouba