Remove hardcoded TLSv1 disables
parent
c1f9603bba
commit
c07751a50d
3 changed files with 2 additions and 7 deletions
|
@ -31,6 +31,5 @@ static const char rb_gnutls_default_priority_str[] = ""
|
||||||
"!3DES-CBC:"
|
"!3DES-CBC:"
|
||||||
"!MD5:"
|
"!MD5:"
|
||||||
"VERS-TLS-ALL:"
|
"VERS-TLS-ALL:"
|
||||||
"!VERS-TLS1.0:"
|
|
||||||
"!VERS-SSL3.0:"
|
"!VERS-SSL3.0:"
|
||||||
"%SAFE_RENEGOTIATION";
|
"%SAFE_RENEGOTIATION";
|
||||||
|
|
|
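Review bot: With `"!VERS-TLS1.0:"` dropped, `VERS-TLS-ALL` in this default priority string admits TLS 1.0 for every connection that uses the default, and nothing visible here lets an operator raise the floor again. TLS 1.0 and 1.1 were formally deprecated by RFC 8996, so the minimum would be better as a build-time or configuration setting than a hard-coded string; the same applies to the mbedTLS hunk (minimum now `MBEDTLS_SSL_MINOR_VERSION_1`) and the OpenSSL hunk (the `SSL_OP_NO_TLSv1` block removed). At the least, a comment above the initializer should record the choice, e.g. `/* TLS 1.0 is permitted for legacy peers; add "!VERS-TLS1.0:!VERS-TLS1.1:" to require TLS 1.2+ */`. The initializer starts outside the hunk, so an override mechanism may exist that is not shown.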
@ -233,8 +233,8 @@ rb_mbedtls_cfg_new(void)
|
||||||
mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
||||||
mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE);
|
mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE);
|
||||||
|
|
||||||
mbedtls_ssl_conf_min_version(&cfg->server_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
|
mbedtls_ssl_conf_min_version(&cfg->server_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);
|
||||||
mbedtls_ssl_conf_min_version(&cfg->client_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
|
mbedtls_ssl_conf_min_version(&cfg->client_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);
|
||||||
|
|
||||||
#ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
#ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
||||||
mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
|
mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
|
||||||
|
|
|
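Review bot: `MBEDTLS_SSL_MINOR_VERSION_1` reads like a version number but selects TLS 1.0 (SSL 3.1) as the floor, and neither `mbedtls_ssl_conf_min_version` call explains that. A comment before the two calls would prevent misreading, e.g. `/* minimum TLS 1.0 (minor 1); minor 2 = TLS 1.1, minor 3 = TLS 1.2 */`. The floor is lowered for outbound connections as well as inbound ones; if the relaxation is only meant for legacy clients connecting in, the `client_cfg` call could keep `MBEDTLS_SSL_MINOR_VERSION_2`. `rb_mbedtls_cfg_new` begins and ends outside the hunk.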
@ -431,10 +431,6 @@ rb_setup_ssl_server(const char *const certfile, const char *keyfile,
|
||||||
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef SSL_OP_NO_TLSv1
|
|
||||||
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_TLSv1);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef SSL_OP_NO_TICKET
|
#ifdef SSL_OP_NO_TICKET
|
||||||
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_TICKET);
|
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_TICKET);
|
||||||
#endif
|
#endif
|
||||||
|
|
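Review bot: After the `SSL_OP_NO_TLSv1` block is removed, the OpenSSL backend no longer states a protocol floor of its own beyond the `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` options in the context lines, so the effective minimum will follow the defaults of the linked library and the system configuration and may differ from the GnuTLS and mbedTLS backends. Setting it explicitly where the API is available, `SSL_CTX_set_min_proto_version(ssl_ctx_new, TLS1_VERSION);`, with its return value checked rather than discarded, would make the three backends agree and make the choice visible in the code. The preprocessor conditional closed by the first `#endif` in the hunk and the rest of `rb_setup_ssl_server` lie outside the hunk.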