review, calculate also max TLS version

radicale/server.py

@@ -188,18 +188,24 @@ class ParallelHTTPSServer(ParallelHTTPServer):
         logger.info("SSL load files certificate='%s' key='%s'", certfile, keyfile)
         context.load_cert_chain(certfile=certfile, keyfile=keyfile)
         if protocol:
-            logger.info("SSL set explicit protocol: '%s'", protocol)
+            logger.info("SSL set explicit protocols (maybe not all supported by underlying OpenSSL): '%s'", protocol)
             context.options = utils.ssl_context_options_by_protocol(protocol, context.options)
             context.minimum_version = utils.ssl_context_minimum_version_by_options(context.options)
+            if (context.minimum_version == 0):
+                raise RuntimeError("No SSL minimum protocol active")
+            context.maximum_version = utils.ssl_context_maximum_version_by_options(context.options)
+            if (context.maximum_version == 0):
+                raise RuntimeError("No SSL maximum protocol active")
         else:
-            logger.info("SSL default protocol active")
-        logger.info("SSL minimum acceptable protocol: %s", context.minimum_version)
+            logger.info("SSL active protocols: (system-default)")
+        logger.debug("SSL minimum acceptable protocol: %s", context.minimum_version)
+        logger.debug("SSL maximum acceptable protocol: %s", context.maximum_version)
         logger.info("SSL accepted protocols: %s", ' '.join(utils.ssl_get_protocols(context)))
         if ciphersuite:
-            logger.info("SSL set explicit ciphersuite: '%s'", ciphersuite)
+            logger.info("SSL set explicit ciphersuite (maybe not all supported by underlying OpenSSL): '%s'", ciphersuite)
             context.set_ciphers(ciphersuite)
         else:
-            logger.info("SSL default ciphersuite active")
+            logger.info("SSL active ciphersuite: (system-default)")
         cipherlist = []
         for entry in context.get_ciphers():
             cipherlist.append(entry["name"])