Commit bb5d8001 authored by François Grisez's avatar François Grisez

Makes the TLS context support all versions of TLS except SSLv2 and SSLv3

parent 3876008a
......@@ -292,25 +292,13 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
#endif
if (tls->ctx == NULL) {
const SSL_METHOD *meth;
/* meth = SSLv3_method(); */
/* meth = SSLv23_method(); */
if (ti->version){
/*meth = TLS_method(); this works only for openssl 1.1*/
/*meanwhile we can use this:*/
#ifdef SSL_TXT_TLSV1_2
meth = TLSv1_2_method();
#elif defined(SSL_TXT_TLSV1_1)
meth = TLSv1_1_method();
#else
meth = TLSv1_method();
#endif
}else
meth = SSLv23_method();
tls->ctx = SSL_CTX_new((SSL_METHOD*)meth);
/* Create a TLS context supported all versions of the
* protocol excepted SSLv2 and SSLv3. Despite its
* confusing name, SSLv23_method() means using
* all versions of TLS protocol.
*/
tls->ctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
}
if (tls->ctx == NULL) {
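Review bot: `SSL_CTX_set_options()` is called on `tls->ctx` before the `if (tls->ctx == NULL)` check that follows the block, so a failed `SSL_CTX_new()` is dereferenced inside OpenSSL instead of reaching the error path. Guard the call, e.g. `if (tls->ctx != NULL) SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, or move it below the NULL check. Separately, `ti->version` is no longer consulted in the visible lines, so a configuration that previously pinned the context to a single TLS version now appears to accept anything from TLS 1.0 upward. If that is intended, say so in the comment; otherwise consider also setting `SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1` where the peers allow it. The body of tls_init_context starts and ends outside the hunk.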
......