From c07751a50df9e543771b2a9b40c09a3649333612 Mon Sep 17 00:00:00 2001
From: Ed Kellett
Date: Sun, 1 Nov 2020 00:03:17 +0000
Subject: [PATCH] Remove hardcoded TLSv1 disables
---
 librb/src/gnutls_ratbox.h | 1 -
 librb/src/mbedtls.c | 4 ++--
 librb/src/openssl.c | 4 ----
 3 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/librb/src/gnutls_ratbox.h b/librb/src/gnutls_ratbox.h
index 6def3086..6362b903 100644
--- a/librb/src/gnutls_ratbox.h
+++ b/librb/src/gnutls_ratbox.h
@@ -31,6 +31,5 @@ static const char rb_gnutls_default_priority_str[] = ""
 "!3DES-CBC:"
 "!MD5:"
 "VERS-TLS-ALL:"
- "!VERS-TLS1.0:"
 "!VERS-SSL3.0:"
 "%SAFE_RENEGOTIATION";
diff --git a/librb/src/mbedtls.c b/librb/src/mbedtls.c
index 25bbb0fb..b7460e0c 100644
--- a/librb/src/mbedtls.c
+++ b/librb/src/mbedtls.c
@@ -233,8 +233,8 @@ rb_mbedtls_cfg_new(void)
 mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL);
 mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE);
- mbedtls_ssl_conf_min_version(&cfg->server_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
- mbedtls_ssl_conf_min_version(&cfg->client_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
+ mbedtls_ssl_conf_min_version(&cfg->server_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);
+ mbedtls_ssl_conf_min_version(&cfg->client_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);
 #ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
 mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
diff --git a/librb/src/openssl.c b/librb/src/openssl.c
index b2f179a1..4d3994ce 100644
--- a/librb/src/openssl.c
+++ b/librb/src/openssl.c
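Review bot: The mbedtls floor is still a compile-time constant after this change, just one step lower: in Mbed TLS 2.x `MBEDTLS_SSL_MINOR_VERSION_1` is TLS 1.0 (`_2` was TLS 1.1), so both `server_cfg` and `client_cfg` now negotiate TLS 1.0 and nothing in the hunk lets an operator raise the minimum. The gnutls_ratbox.h hunk (dropping `"!VERS-TLS1.0:"` after `"VERS-TLS-ALL:"`) and the openssl.c hunk (dropping the `SSL_OP_NO_TLSv1` option) remove the same exclusion, so after this patch the protocol floor on those two backends presumably depends on library or system defaults; none of the visible hunks adds a replacement setting. At minimum I would document the resulting floor where it is set, e.g. `/* Minimum is TLS 1.0 (minor version 1); MBEDTLS_SSL_MINOR_VERSION_3 would require TLS 1.2. */` above the two `mbedtls_ssl_conf_min_version` calls, and state in the commit message which mechanism is expected to enforce a stricter minimum. `rb_mbedtls_cfg_new` starts and ends outside the hunk.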
@@ -431,10 +431,6 @@ rb_setup_ssl_server(const char *const certfile, const char *keyfile,
 (void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 #endif
- #ifdef SSL_OP_NO_TLSv1
- (void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_TLSv1);
- #endif
-
 #ifdef SSL_OP_NO_TICKET
 (void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_TICKET);
 #endif