From 2def32ddb304f928caf7c88537edd5369d5f6dbd Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Mon, 18 Sep 2023 16:17:31 -0500 Subject: [PATCH 1/9] support for tls1.3 Signed-off-by: Jordan Filteau --- c/tls.c | 10 +++++++++- h/tls.h | 7 +++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/c/tls.c b/c/tls.c index 377b68cc0..21570ae1e 100644 --- a/c/tls.c +++ b/c/tls.c @@ -67,6 +67,7 @@ int tlsInit(TlsEnvironment **outEnv, TlsSettings *settings) { rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1, GSK_PROTOCOL_TLSV1_OFF); rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1_1, GSK_PROTOCOL_TLSV1_1_OFF); rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1_2, GSK_PROTOCOL_TLSV1_2_ON); + rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1_3, GSK_PROTOCOL_TLSV1_3_ON); rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_SERVER_EPHEMERAL_DH_GROUP_SIZE, GSK_SERVER_EPHEMERAL_DH_GROUP_SIZE_2048); #ifdef DEV_DO_NOT_VALIDATE_CLIENT_CERTIFICATES @@ -148,6 +149,7 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer } char *label = env->settings->label; char *ciphers = env->settings->ciphers; + char *keyshares = env->settings->keyshares; rc = rc || gsk_secure_socket_open(env->envHandle, &socket->socketHandle); rc = rc || gsk_attribute_set_numeric_value(socket->socketHandle, GSK_FD, fd); if (label) { @@ -155,9 +157,15 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer } rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_SESSION_TYPE, isServer ? GSK_SERVER_SESSION_WITH_CL_AUTH : GSK_CLIENT_SESSION); if (ciphers) { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers, 0); + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers, 0); rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); } + if (keyshares) { + /* + * TLS 1.3 needs this. + */ + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_SERVER_TLS_KEY_SHARES, keyshares, 0); + } rc = rc || gsk_attribute_set_callback(socket->socketHandle, GSK_IO_CALLBACK, &ioCallbacks); rc = rc || gsk_secure_socket_init(socket->socketHandle); if (rc == 0) { diff --git a/h/tls.h b/h/tls.h index f1f9bd59f..e6fa4110b 100644 --- a/h/tls.h +++ b/h/tls.h @@ -121,7 +121,14 @@ typedef struct TlsSettings_tag { #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "C030" // 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an RSA certificate #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 "C031" // 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate #define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 "C032" // 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate +#define TLS_AES_128_GCM_SHA256 "1301" +#define TLS_AES_256_GCM_SHA384 "1302" +#define TLS_CHACHA20_POLY1305_SHA256 "1303" char *ciphers; +#define TLS_X25519 "0029" +#define TLS_SECP256R1 "0023" +#define TLS_SECP521R1 "0025" + char *keyshares; } TlsSettings; typedef struct TlsEnvironment_tag { From 18a9627f433d0fa7435f88c0560717ec77af8850 Mon Sep 17 00:00:00 2001 From: struga0258 Date: Wed, 20 Sep 2023 18:47:15 +0000 Subject: [PATCH 2/9] v2.12.0 Signed-off-by: struga0258 --- build/configmgr.proj.env | 2 +- manifest.template.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/configmgr.proj.env b/build/configmgr.proj.env index 06d81e370..2e9f06a5a 100644 --- a/build/configmgr.proj.env +++ b/build/configmgr.proj.env @@ -1,5 +1,5 @@ PROJECT="configmgr" -VERSION=2.11.0 +VERSION=2.12.0 DEPS="QUICKJS LIBYAML" QUICKJS="quickjs" diff --git a/manifest.template.yaml b/manifest.template.yaml index 4bf312223..f97282940 100644 --- a/manifest.template.yaml +++ b/manifest.template.yaml @@ -1,7 +1,7 @@ --- name: zowe-common-c -version: 2.11.0 +version: 2.12.0 homepage: https://zowe.org keywords: From 77deccd5ace39657c62ccd75839cc2c1639d0180 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Tue, 10 Oct 2023 09:19:10 -0500 Subject: [PATCH 3/9] reverting white space Signed-off-by: Jordan Filteau --- c/tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/c/tls.c b/c/tls.c index 21570ae1e..745432d6b 100644 --- a/c/tls.c +++ b/c/tls.c @@ -157,7 +157,7 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer } rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_SESSION_TYPE, isServer ? GSK_SERVER_SESSION_WITH_CL_AUTH : GSK_CLIENT_SESSION); if (ciphers) { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers, 0); + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers, 0); rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); } if (keyshares) { From aaaa4c43fae2dda6082c7098210200f7a96f754e Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Tue, 10 Oct 2023 10:02:43 -0500 Subject: [PATCH 4/9] adding client key shares Signed-off-by: Jordan Filteau --- c/tls.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/c/tls.c b/c/tls.c index 745432d6b..a790f0677 100644 --- a/c/tls.c +++ b/c/tls.c @@ -164,7 +164,11 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer /* * TLS 1.3 needs this. */ - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_SERVER_TLS_KEY_SHARES, keyshares, 0); + if (isServer) { + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_SERVER_TLS_KEY_SHARES, keyshares, 0); + } else { + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_CLIENT_TLS_KEY_SHARES, keyshares, 0); + } } rc = rc || gsk_attribute_set_callback(socket->socketHandle, GSK_IO_CALLBACK, &ioCallbacks); rc = rc || gsk_secure_socket_init(socket->socketHandle); From d58dd0a5ee84cbe8586fd3cfc197035d6f0d0670 Mon Sep 17 00:00:00 2001 From: Irek Fakhrutdinov Date: Wed, 11 Oct 2023 11:51:19 -0400 Subject: [PATCH 5/9] Change wtoPrintf3 to use va_list Based on the way wtoPrintf3 is used, it should have been coded with va_list instead of varargs. Since this function has just been introduced, and considering the severity, a breaking change should be fine. Fixes: #406 Signed-off-by: Irek Fakhrutdinov --- c/zos.c | 7 ++----- h/zos.h | 8 +++++++- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/c/zos.c b/c/zos.c index 2a5879198..af4c8f663 100644 --- a/c/zos.c +++ b/c/zos.c @@ -1500,9 +1500,8 @@ void wtoMessage(const char *message){ } #define WTO_MAX_SIZE 126 -void wtoPrintf3(const char *formatString, ...) { +void wtoPrintf3(const char *formatString, va_list arg) { char text[WTO_MAX_SIZE+1]; /* Allow for trailing null character */ - va_list argPointer; int cnt; for (int pass=0; pass<2; pass++){ @@ -1515,9 +1514,7 @@ void wtoPrintf3(const char *formatString, ...) { to every successful request. */ - va_start(argPointer,formatString); - cnt = vsnprintf(text,sizeof(text),formatString,argPointer); - va_end(argPointer); + cnt = vsnprintf(text,sizeof(text),formatString,arg); if (cnt<0){ if (pass==0) diff --git a/h/zos.h b/h/zos.h index 1daba3f21..b30787fa0 100644 --- a/h/zos.h +++ b/h/zos.h @@ -13,6 +13,12 @@ #ifndef __ZOS__ #define __ZOS__ 1 +#ifdef METTLE +#include +#else +#include +#endif + #ifndef __LONGNAME__ #define extractPSW EXTRPSW @@ -1538,7 +1544,7 @@ int dsabIsOMVS(DSAB *dsab); void wtoMessage(const char *message); -void wtoPrintf3(const char *formatString, ...); +void wtoPrintf3(const char *formatString, va_list arg); int locate(char *dsn, int *volserCount, char *firstVolser); From 101b4782e71d7d0d7964e4d333c7b765510ff838 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Thu, 12 Oct 2023 13:21:01 -0500 Subject: [PATCH 6/9] changes to allow disable of TLSv1.3 Signed-off-by: Jordan Filteau --- c/tls.c | 38 ++++++++++++++++++++++++++++++-------- h/tls.h | 8 +++++++- 2 files changed, 37 insertions(+), 9 deletions(-) diff --git a/c/tls.c b/c/tls.c index a790f0677..8e9a6ae72 100644 --- a/c/tls.c +++ b/c/tls.c @@ -15,6 +15,7 @@ #include "bpxnet.h" #include "fdpoll.h" #include "tls.h" +#include "zos.h" int getClientCertificate(gsk_handle soc_handle, char *clientCertificate, unsigned int clientCertificateBufferSize, unsigned int *clientCertificateLength) { @@ -54,6 +55,17 @@ int getClientCertificate(gsk_handle soc_handle, char *clientCertificate, unsigne return rc; } +static int isTLSV13Enabled(TlsSettings *settings) { + ECVT *ecvt = getECVT(); + if ((ecvt->ecvtpseq > 0x1020300) && (settings->maxTls == NULL || !strcmp(settings->maxTls, "TLSv1.3"))) { + return true; + } + /* + Default to false for versions lower than 2.3 and when set to anything other than TLSV1.3. + */ + return false; +} + int tlsInit(TlsEnvironment **outEnv, TlsSettings *settings) { int rc = 0; TlsEnvironment *env = (TlsEnvironment *)safeMalloc(sizeof(*env), "Tls Environment"); @@ -67,7 +79,12 @@ int tlsInit(TlsEnvironment **outEnv, TlsSettings *settings) { rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1, GSK_PROTOCOL_TLSV1_OFF); rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1_1, GSK_PROTOCOL_TLSV1_1_OFF); rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1_2, GSK_PROTOCOL_TLSV1_2_ON); - rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1_3, GSK_PROTOCOL_TLSV1_3_ON); + /* + We will treat not set as allowing TLSv1.3. + */ + if (isTLSV13Enabled(settings)) { + rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_PROTOCOL_TLSV1_3, GSK_PROTOCOL_TLSV1_3_ON); + } rc = rc || gsk_attribute_set_enum(env->envHandle, GSK_SERVER_EPHEMERAL_DH_GROUP_SIZE, GSK_SERVER_EPHEMERAL_DH_GROUP_SIZE_2048); #ifdef DEV_DO_NOT_VALIDATE_CLIENT_CERTIFICATES @@ -160,14 +177,19 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers, 0); rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); } - if (keyshares) { - /* - * TLS 1.3 needs this. + /* + To be safe, + */ + if (isTLSV13Enabled(env->settings)) { + if (keyshares) { + /* + Only TLS 1.3 needs this. */ - if (isServer) { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_SERVER_TLS_KEY_SHARES, keyshares, 0); - } else { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_CLIENT_TLS_KEY_SHARES, keyshares, 0); + if (isServer) { + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_SERVER_TLS_KEY_SHARES, keyshares, 0); + } else { + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_CLIENT_TLS_KEY_SHARES, keyshares, 0); + } } } rc = rc || gsk_attribute_set_callback(socket->socketHandle, GSK_IO_CALLBACK, &ioCallbacks); diff --git a/h/tls.h b/h/tls.h index e6fa4110b..cf951cea4 100644 --- a/h/tls.h +++ b/h/tls.h @@ -129,6 +129,12 @@ typedef struct TlsSettings_tag { #define TLS_SECP256R1 "0023" #define TLS_SECP521R1 "0025" char *keyshares; + /* + TLSv1.3 isn't supported on some zos versions. Having it + enabled causes issues. + TODO: Find out why it isn't negotiating 1.2. + */ + char *maxTls; } TlsSettings; typedef struct TlsEnvironment_tag { @@ -161,4 +167,4 @@ int getClientCertificate(gsk_handle soc_handle, char *clientCertificate, unsigne SPDX-License-Identifier: EPL-2.0 Copyright Contributors to the Zowe Project. -*/ \ No newline at end of file +*/ From 415f6f29b929646c3a485057696df8061ec8b076 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Fri, 13 Oct 2023 14:58:25 -0500 Subject: [PATCH 7/9] separating default and configurable ciphers for 1.2 and 1.3 Signed-off-by: Jordan Filteau --- c/tls.c | 15 ++++++++++----- h/tls.h | 3 ++- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/c/tls.c b/c/tls.c index 8e9a6ae72..06cc4aec2 100644 --- a/c/tls.c +++ b/c/tls.c @@ -165,7 +165,8 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer return TLS_ALLOC_ERROR; } char *label = env->settings->label; - char *ciphers = env->settings->ciphers; + char *ciphers1_2 = env->settings->ciphers1_2; + char *ciphers1_3 = env->settings->ciphers1_3; char *keyshares = env->settings->keyshares; rc = rc || gsk_secure_socket_open(env->envHandle, &socket->socketHandle); rc = rc || gsk_attribute_set_numeric_value(socket->socketHandle, GSK_FD, fd); @@ -173,14 +174,13 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_KEYRING_LABEL, label, 0); } rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_SESSION_TYPE, isServer ? GSK_SERVER_SESSION_WITH_CL_AUTH : GSK_CLIENT_SESSION); - if (ciphers) { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers, 0); - rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); - } /* To be safe, */ if (isTLSV13Enabled(env->settings)) { + if (ciphers1_3) { + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers1_3, 0); + } if (keyshares) { /* Only TLS 1.3 needs this. @@ -191,7 +191,12 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_CLIENT_TLS_KEY_SHARES, keyshares, 0); } } + } else { + if (ciphers1_2) { + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers1_3, 0); + } } + rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); rc = rc || gsk_attribute_set_callback(socket->socketHandle, GSK_IO_CALLBACK, &ioCallbacks); rc = rc || gsk_secure_socket_init(socket->socketHandle); if (rc == 0) { diff --git a/h/tls.h b/h/tls.h index cf951cea4..7c5ada3fc 100644 --- a/h/tls.h +++ b/h/tls.h @@ -124,7 +124,7 @@ typedef struct TlsSettings_tag { #define TLS_AES_128_GCM_SHA256 "1301" #define TLS_AES_256_GCM_SHA384 "1302" #define TLS_CHACHA20_POLY1305_SHA256 "1303" - char *ciphers; + char *ciphers1_2; #define TLS_X25519 "0029" #define TLS_SECP256R1 "0023" #define TLS_SECP521R1 "0025" @@ -135,6 +135,7 @@ typedef struct TlsSettings_tag { TODO: Find out why it isn't negotiating 1.2. */ char *maxTls; + char *ciphers1_3; } TlsSettings; typedef struct TlsEnvironment_tag { From e71d1ce58520b70d627672170a48caa974736e3b Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Fri, 13 Oct 2023 15:04:43 -0500 Subject: [PATCH 8/9] fixing typo with cipher name Signed-off-by: Jordan Filteau --- c/tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/c/tls.c b/c/tls.c index 06cc4aec2..f3fc5f115 100644 --- a/c/tls.c +++ b/c/tls.c @@ -193,7 +193,7 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer } } else { if (ciphers1_2) { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers1_3, 0); + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers1_2, 0); } } rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); From 0d55d47244d37b77bd156fc0376cc0c90e9592a2 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Fri, 13 Oct 2023 16:47:36 -0500 Subject: [PATCH 9/9] reverting changes Signed-off-by: Jordan Filteau --- c/tls.c | 15 +++++---------- h/tls.h | 3 +-- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/c/tls.c b/c/tls.c index f3fc5f115..557034675 100644 --- a/c/tls.c +++ b/c/tls.c @@ -165,22 +165,22 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer return TLS_ALLOC_ERROR; } char *label = env->settings->label; - char *ciphers1_2 = env->settings->ciphers1_2; - char *ciphers1_3 = env->settings->ciphers1_3; + char *ciphers = env->settings->ciphers; char *keyshares = env->settings->keyshares; rc = rc || gsk_secure_socket_open(env->envHandle, &socket->socketHandle); rc = rc || gsk_attribute_set_numeric_value(socket->socketHandle, GSK_FD, fd); if (label) { rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_KEYRING_LABEL, label, 0); } + if (ciphers) { + rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers, 0); + rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); + } rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_SESSION_TYPE, isServer ? GSK_SERVER_SESSION_WITH_CL_AUTH : GSK_CLIENT_SESSION); /* To be safe, */ if (isTLSV13Enabled(env->settings)) { - if (ciphers1_3) { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers1_3, 0); - } if (keyshares) { /* Only TLS 1.3 needs this. @@ -191,12 +191,7 @@ int tlsSocketInit(TlsEnvironment *env, TlsSocket **outSocket, int fd, bool isSer rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_CLIENT_TLS_KEY_SHARES, keyshares, 0); } } - } else { - if (ciphers1_2) { - rc = rc || gsk_attribute_set_buffer(socket->socketHandle, GSK_V3_CIPHER_SPECS_EXPANDED, ciphers1_2, 0); - } } - rc = rc || gsk_attribute_set_enum(socket->socketHandle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4); rc = rc || gsk_attribute_set_callback(socket->socketHandle, GSK_IO_CALLBACK, &ioCallbacks); rc = rc || gsk_secure_socket_init(socket->socketHandle); if (rc == 0) { diff --git a/h/tls.h b/h/tls.h index 7c5ada3fc..cf951cea4 100644 --- a/h/tls.h +++ b/h/tls.h @@ -124,7 +124,7 @@ typedef struct TlsSettings_tag { #define TLS_AES_128_GCM_SHA256 "1301" #define TLS_AES_256_GCM_SHA384 "1302" #define TLS_CHACHA20_POLY1305_SHA256 "1303" - char *ciphers1_2; + char *ciphers; #define TLS_X25519 "0029" #define TLS_SECP256R1 "0023" #define TLS_SECP521R1 "0025" @@ -135,7 +135,6 @@ typedef struct TlsSettings_tag { TODO: Find out why it isn't negotiating 1.2. */ char *maxTls; - char *ciphers1_3; } TlsSettings; typedef struct TlsEnvironment_tag {