enabled TLSv1.1 and TLSv1.2 for STARTTLS.

git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@3502 ee746299-78ed-0310-b773-934348b2243d
author: hiro <hiro@ee746299-78ed-0310-b773-934348b2243d> 2015-12-21 06:50:35 +0000
committer: hiro <hiro@ee746299-78ed-0310-b773-934348b2243d> 2015-12-21 06:50:35 +0000
commit: adbdd017d532b5548190a815041bed5e5a60ed2f (patch)
tree: b3cc21597de8a080dea21d851d2bbb20e7e1f260 /libsylph
parent: 6bf1fcb644188b1f2e370c9a38151af1eb2c2e4b (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/libsylph/ssl.c b/libsylph/ssl.c
index 4763a741..6ab2fba2 100644
--- a/libsylph/ssl.c
+++ b/libsylph/ssl.c
@@ -137,11 +137,15 @@ void ssl_init(void)
 			g_warning("SSLv23 SSL_CTX_load_verify_locations failed.\n");
 	}
 
-	ssl_ctx_TLSv1 = SSL_CTX_new(TLSv1_client_method());
+	/* ssl_ctx_TLSv1 = SSL_CTX_new(TLSv1_client_method()); */
+	ssl_ctx_TLSv1 = SSL_CTX_new(SSLv23_client_method());
 	if (ssl_ctx_TLSv1 == NULL) {
 		debug_print(_("TLSv1 not available\n"));
 	} else {
 		debug_print(_("TLSv1 available\n"));
+		/* disable SSLv2/SSLv3 */
+		SSL_CTX_set_options(ssl_ctx_TLSv1,
+				    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 		if ((certs_file || certs_dir) &&
 		    !SSL_CTX_load_verify_locations(ssl_ctx_TLSv1, certs_file,
 						   certs_dir))
@@ -270,6 +274,8 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
 
 	debug_print(_("SSL connection using %s\n"),
 		    SSL_get_cipher(sockinfo->ssl));
+	debug_print("SSL protocol version: %s\n",
+		    SSL_get_version(sockinfo->ssl));
 
 	/* Get server's certificate (note: beware of dynamic allocation) */
author	hiro <hiro@ee746299-78ed-0310-b773-934348b2243d>	2015-12-21 06:50:35 +0000
committer	hiro <hiro@ee746299-78ed-0310-b773-934348b2243d>	2015-12-21 06:50:35 +0000
commit	adbdd017d532b5548190a815041bed5e5a60ed2f (patch)
tree	b3cc21597de8a080dea21d851d2bbb20e7e1f260 /libsylph
parent	6bf1fcb644188b1f2e370c9a38151af1eb2c2e4b (diff)