[glib-openssl/wip/onlytlsv12: 1/2] Only TLSv1.2 or higher

From: Paolo Borelli <pborelli src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-openssl/wip/onlytlsv12: 1/2] Only TLSv1.2 or higher
Date: Tue, 3 Oct 2017 16:34:08 +0000 (UTC)

commit 19f3d5bcf56e69499a57092126a27b8ab17b95db
Author: Paolo Borelli <pborelli gnome org>
Date:   Tue Oct 3 17:56:02 2017 +0200

    Only TLSv1.2 or higher

 tls/openssl/gtlsserverconnection-openssl.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index cd98128..b0a778f 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -251,11 +251,13 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
       return FALSE;
     }
 
+  /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
             SSL_OP_NO_SSLv2 |
-            SSL_OP_NO_SSLv3;
+            SSL_OP_NO_SSLv3 |
+            SSL_OP_NO_TLSv1 |
+            SSL_OP_NO_TLSv1_1;
 
-  /* Only TLS 1.0 or higher */
   SSL_CTX_set_options (priv->ssl_ctx, options);
 
   cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]