[glib-openssl] client: support only tls v1.2 or higher



commit 324908498213252fd5f8da4e0683cf3dd13cfd15
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Wed Oct 18 17:35:33 2017 +0200

    client: support only tls v1.2 or higher

 tls/openssl/gtlsclientconnection-openssl.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 298320a..4a1bb39 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -437,12 +437,16 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
       return FALSE;
     }
 
-  options = SSL_OP_NO_TICKET;
-  hostname = get_server_identity (client);
-
   /* Only TLS 1.2 or higher */
+  options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_SSLv2 |
+            SSL_OP_NO_SSLv3 |
+            SSL_OP_NO_TLSv1 |
+            SSL_OP_NO_TLSv1_1;
   SSL_CTX_set_options (priv->ssl_ctx, options);
 
+  hostname = get_server_identity (client);
+
 #if OPENSSL_VERSION_NUMBER >= 0x10200000L && !defined (LIBRESSL_VERSION_NUMBER)
   if (hostname)
     {
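Review bot: The TLS 1.2 floor in the new `options = SSL_OP_NO_TICKET | ...` assignment is expressed only as per-version `SSL_OP_NO_*` bits, which OpenSSL 1.1.0 deprecated in favour of an explicit minimum protocol version. On builds against 1.1.0 or later, `SSL_CTX_set_min_proto_version (priv->ssl_ctx, TLS1_2_VERSION);` states the policy directly. It returns 1 on success, so init can return FALSE if the floor could not be applied, whereas `SSL_CTX_set_options` gives no failure signal. The mask would remain as the fallback for older OpenSSL, behind an `OPENSSL_VERSION_NUMBER` guard like the one a few lines below; LibreSSL support for the setter should be confirmed before relying on it there. The body of `g_tls_client_connection_openssl_initable_init` starts and ends outside this hunk, so whether `options` is modified again later cannot be seen from here.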

