[libsoup] Disable TLS 1.2 in addition to 1.0 and 1.1

From: Dan Winship <danw src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup] Disable TLS 1.2 in addition to 1.0 and 1.1
Date: Tue, 29 Jun 2010 13:50:34 +0000 (UTC)

commit 01a43ad9824fba77384534c6d588e0e0d653986e
Author: Dan Winship <danw gnome org>
Date:   Tue Jun 29 09:43:20 2010 -0400

    Disable TLS 1.2 in addition to 1.0 and 1.1
    
    Due to bug 581342 we want to only negotiate SSL 3.0. Previously we
    were telling gnutls to not do TLS1.0 or TLS1.1, but that means with
    newer versions of gnutls that support TLS1.2 it would try to negotiate
    that instead and generally fail. Fix that by disabling TLS1.2 too
    (which works fine even with gnutls versions that don't support TLS1.2
    yet).
    
    https://bugzilla.gnome.org/show_bug.cgi?id=622857

 libsoup/soup-gnutls.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c
index cb0fbe5..0b57f28 100644
--- a/libsoup/soup-gnutls.c
+++ b/libsoup/soup-gnutls.c
@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
 		goto THROW_CREATE_ERROR;
 
 	/* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
-	if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
+	if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
 		goto THROW_CREATE_ERROR;
 
 	if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]