Changeset 82e55d2


Ignore:
Timestamp:
2016-09-29T17:53:41Z (4 years ago)
Author:
dequis <dx@…>
Branches:
master
Children:
58d285a
Parents:
ff468a7
Message:

ssl_openssl: Allow TLS versions newer than 1.0

Another victim of SSLv23_client_method's terrible name. At least we
weren't forcing ssl 3.0.

Thanks kl3 for pointing this out.

Despite what this commit might suggest, using openssl is not recommended
at all. Potential GPL incompatibility aside, that module doesn't have
certificate verification code. Don't use it unless you have a good
reason to do so.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/ssl_openssl.c

    rff468a7 r82e55d2  
    6767        SSL_library_init();
    6868
    69         meth = TLSv1_client_method();
     69        meth = SSLv23_client_method();
    7070        ssl_ctx = SSL_CTX_new(meth);
     71        SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
    7172
    7273        initialized = TRUE;
Note: See TracChangeset for help on using the changeset viewer.