[glib-networking/wip/openssl: 22/27] Do not enforce a tls version but let it negotiate it



commit dd8679697f056b9662d1866e3c787b5ee6ef54ee
Author: Ignacio Casal Quinteiro <icq gnome org>
Date:   Fri Sep 25 12:52:57 2015 +0200

    Do not enforce a tls version but let it negotiate it

 tls/openssl/gtlsclientconnection-openssl.c |    9 +--------
 tls/openssl/gtlsserverconnection-openssl.c |    9 +--------
 2 files changed, 2 insertions(+), 16 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 0a43618..6aa6222 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -416,14 +416,7 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
       return FALSE;
     }
 
-  options = SSL_OP_NO_TICKET |
-            SSL_OP_NO_SSLv2 |
-            SSL_OP_NO_SSLv3 |
-            SSL_OP_NO_TLSv1;
-
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
-  options |= SSL_OP_NO_TLSv1_1;
-#endif
+  options = SSL_OP_NO_TICKET;
 
   /* Only TLS 1.2 or higher */
   SSL_CTX_set_options (priv->ssl_ctx, options);
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index ed8d5ff..8ae2bb8 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -239,14 +239,7 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
       return FALSE;
     }
 
-  options = SSL_OP_NO_TICKET |
-            SSL_OP_NO_SSLv2 |
-            SSL_OP_NO_SSLv3 |
-            SSL_OP_NO_TLSv1;
-
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
-  options |= SSL_OP_NO_TLSv1_1;
-#endif
+  options = SSL_OP_NO_TICKET;
 
   /* Only TLS 1.2 or higher */
   SSL_CTX_set_options (priv->ssl_ctx, options);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]