OpenSSL: Add option to disable use of TLSv1.0
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be used to disable use of TLSv1.0 for a network configuration. This can be used to force a newer TLS version to be used. For example, phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that only TLS v1.2 is accepted. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
2456264fad
commit
5650d379a3
4 changed files with 12 additions and 0 deletions
|
@ -3544,6 +3544,12 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|||
#endif /* SSL_clear_options */
|
||||
#endif /* SSL_OP_NO_TICKET */
|
||||
|
||||
#ifdef SSL_OP_NO_TLSv1
|
||||
if (params->flags & TLS_CONN_DISABLE_TLSv1_0)
|
||||
SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1);
|
||||
else
|
||||
SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1);
|
||||
#endif /* SSL_OP_NO_TLSv1 */
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
if (params->flags & TLS_CONN_DISABLE_TLSv1_1)
|
||||
SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
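Review bot: When the OpenSSL build does not define SSL_OP_NO_TLSv1, the whole new block compiles away and a configuration that asked for tls_disable_tlsv1_0=1 is silently honoured as "TLSv1.0 allowed", which is the opposite of what the user requested; the same applies to the existing SSL_OP_NO_TLSv1_1 block below it. A reviewer would expect the request to fail loudly instead, e.g. `#else /* SSL_OP_NO_TLSv1 */` followed by `if (params->flags & TLS_CONN_DISABLE_TLSv1_0) return -1;` before the closing `#endif`, so that an unsatisfiable minimum-version policy is reported rather than dropped. The unconditional `SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1)` in the else branch also re-enables TLSv1.0 on this connection even if the SSL_CTX had it disabled by some other path (presumably a global OpenSSL configuration or an earlier SSL_CTX_set_options call); whether that is intended should be confirmed and stated in a comment. The enclosing function tls_connection_set_params begins outside the hunk, so whether TLS_CONN_DISABLE_TLSv1_0 is validated anywhere before this point cannot be seen here.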
|
||||
|
|