diff options
| author | Thomas White <taw@physics.org> | 2019-01-09 14:00:21 +0100 |
|---|---|---|
| committer | Thomas White <taw@physics.org> | 2019-05-16 15:16:52 +0200 |
| commit | 04a77910fa4adb5845cbcf751dd7c3522c191474 (patch) | |
| tree | 151035d7189e56cf2d6cda14934dee4bca5fcf60 | |
| parent | dc84b60f647049357ab72c4940392c6778b181dc (diff) | |
Require at least TLS1.2taw/master
| -rw-r--r-- | libsylph/ssl.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/libsylph/ssl.c b/libsylph/ssl.c index 84139250..2dca3048 100644 --- a/libsylph/ssl.c +++ b/libsylph/ssl.c @@ -139,14 +139,13 @@ void ssl_init(void) } /* ssl_ctx_TLSv1 = SSL_CTX_new(TLSv1_client_method()); */ - ssl_ctx_TLSv1 = SSL_CTX_new(SSLv23_client_method()); + ssl_ctx_TLSv1 = SSL_CTX_new(TLS_client_method()); if (ssl_ctx_TLSv1 == NULL) { debug_print(_("TLSv1 not available\n")); } else { debug_print(_("TLSv1 available\n")); /* disable SSLv2/SSLv3 */ - SSL_CTX_set_options(ssl_ctx_TLSv1, - SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3); + SSL_CTX_set_min_proto_version(ssl_ctx_TLSv1, TLS1_2_VERSION); if ((certs_file || certs_dir) && !SSL_CTX_load_verify_locations(ssl_ctx_TLSv1, certs_file, certs_dir)) |