
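--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -117,7 +117,9 @@
 #define SSL_PROTOCOL_SSLV2      (1<<0)
 #define SSL_PROTOCOL_SSLV3      (1<<1)
 #define SSL_PROTOCOL_TLSV1      (1<<2)
-#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#define SSL_PROTOCOL_TLS11      (1<<3)
+#define SSL_PROTOCOL_TLS12      (1<<4)
+#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLS11|SSL_PROTOCOL_TLS12)
 
 #define SSL_MODE_CLIENT         (0)
 #define SSL_MODE_SERVER         (1)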
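Review bot: `SSL_PROTOCOL_ALL` changes value from 7 to 31 on the new define, so any copy of these constants kept outside this header (for example on the Java side of the binding, which this patch does not show) needs the same two bits. Otherwise a caller passing the old ALL value would have TLS 1.1 and 1.2 switched off by the new `SSL_OP_NO_TLSv1_1` / `SSL_OP_NO_TLSv1_2` checks in sslcontext.c. The widened mask also still ORs in `SSL_PROTOCOL_SSLV2`; a comment on the define such as `/* every protocol bit, including legacy SSLv2/SSLv3; callers should mask those out */` would make that explicit.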
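--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -88,17 +88,6 @@
             else
                 ctx = SSL_CTX_new(SSLv3_method());
         break;
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
-        case SSL_PROTOCOL_ALL:
-        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv23_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv23_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv23_method());
-        break;
         case SSL_PROTOCOL_TLSV1:
             if (mode == SSL_MODE_CLIENT)
                 ctx = SSL_CTX_new(TLSv1_client_method());
@@ -107,6 +96,15 @@
             else
                 ctx = SSL_CTX_new(TLSv1_method());
         break;
+        default:
+            /* SSL_CTX_set_options will choose what we support */
+            if (mode == SSL_MODE_CLIENT)
+                ctx = SSL_CTX_new(SSLv23_client_method());
+            else if (mode == SSL_MODE_SERVER)
+                ctx = SSL_CTX_new(SSLv23_server_method());
+            else
+                ctx = SSL_CTX_new(SSLv23_method());
+        break;
     }
     if (!ctx) {
         char err[256];
@@ -133,8 +131,14 @@
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
     if (!(protocol & SSL_PROTOCOL_TLSV1))
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+    if (!(protocol & SSL_PROTOCOL_TLS11))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
+    if (!(protocol & SSL_PROTOCOL_TLS12))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
     /*
      * Configure additional context ingredients
+    /*
+     * Configure additional context ingredients
      */
     SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
 #ifdef HAVE_ECC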
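Review bot: The two new `SSL_CTX_set_options` calls in the third hunk use `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2` without a guard, and those macros are only defined by OpenSSL 1.0.1 and later, so the file no longer compiles against older headers. Wrapping each pair in `#ifdef SSL_OP_NO_TLSv1_1` / `#ifdef SSL_OP_NO_TLSv1_2` keeps the build working. On such a build, a request for only TLS 1.1 or 1.2 should be rejected when the context is created, since the new `default:` branch in the second hunk now builds an SSLv23 context for any bitmask instead of leaving `ctx` NULL. The third hunk also adds a second `/*` and ` * Configure additional context ingredients` inside the existing comment, which looks like a merge leftover and should be dropped. The enclosing function starts and ends outside the hunks.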
