From 04a77910fa4adb5845cbcf751dd7c3522c191474 Mon Sep 17 00:00:00 2001
From: Thomas White <taw@physics.org>
Date: Wed, 9 Jan 2019 14:00:21 +0100
Subject: Require at least TLS1.2

---
 libsylph/ssl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libsylph/ssl.c b/libsylph/ssl.c
index 84139250..2dca3048 100644
--- a/libsylph/ssl.c
+++ b/libsylph/ssl.c
@@ -139,14 +139,13 @@ void ssl_init(void)
 	}
 
 	/* ssl_ctx_TLSv1 = SSL_CTX_new(TLSv1_client_method()); */
-	ssl_ctx_TLSv1 = SSL_CTX_new(SSLv23_client_method());
+	ssl_ctx_TLSv1 = SSL_CTX_new(TLS_client_method());
 	if (ssl_ctx_TLSv1 == NULL) {
 		debug_print(_("TLSv1 not available\n"));
 	} else {
 		debug_print(_("TLSv1 available\n"));
 		/* disable SSLv2/SSLv3 */
-		SSL_CTX_set_options(ssl_ctx_TLSv1,
-				    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
+		SSL_CTX_set_min_proto_version(ssl_ctx_TLSv1, TLS1_2_VERSION);
 		if ((certs_file || certs_dir) &&
 		    !SSL_CTX_load_verify_locations(ssl_ctx_TLSv1, certs_file,
 						   certs_dir))
-- 
cgit v1.2.3