allow the use of TLSv1 / TLSv1_1 again

author: Andreas Kotes <count@flatline.de> 2014-04-15 13:06:58 +0200
committer: Andreas Kotes <count@flatline.de> 2014-04-15 13:06:58 +0200
commit: 962f887a64422c8e0a7f12131d8401211ef8cd74 (patch)
tree: 5e3e7a0dc460d63ed4f554b54abdedd92fd2bdaa
parent: 19375e6c61bfe3bf643786b0e7318c528e4b22a0 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c
index 2b41432..0333aee 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -61,8 +61,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
   X509_STORE           *store            = NULL;
   vc_x509verify_cb_t   verify_callback   = NULL;
-   /* Explicitly use TLSv1_2 (or maybe later) */
+   /* Explicitly use TLSv1 (or maybe later) */
-   if( !(ctx = SSL_CTX_new(TLSv1_2_client_method())) )
+   if( !(ctx = SSL_CTX_new(TLSv1_client_method())) )
      VC_CTX_ERR_EXIT(store, ctx);
   if( !(store = vc_x509store_create(vc_store)) )
@@ -70,8 +70,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
   SSL_CTX_set_cert_store(ctx, store);
   store = NULL;
-   /* Disable A LOT of insecure protocols explicitly */
+   /* Disable some insecure protocols explicitly */
-   SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1);
+   SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
   SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
   SSL_CTX_set_verify_depth (ctx, 2);
author	Andreas Kotes <count@flatline.de>	2014-04-15 13:06:58 +0200
committer	Andreas Kotes <count@flatline.de>	2014-04-15 13:06:58 +0200
commit	962f887a64422c8e0a7f12131d8401211ef8cd74 (patch)
tree	5e3e7a0dc460d63ed4f554b54abdedd92fd2bdaa
parent	19375e6c61bfe3bf643786b0e7318c528e4b22a0 (diff)

diff --git a/vchat-ssl.c b/vchat-ssl.c index 2b41432..0333aee 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c
@@ -61,8 +61,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
61	X509_STORE *store = NULL;	61	X509_STORE *store = NULL;
62	vc_x509verify_cb_t verify_callback = NULL;	62	vc_x509verify_cb_t verify_callback = NULL;
63		63
64	/* Explicitly use TLSv1_2 (or maybe later) */	64	/* Explicitly use TLSv1 (or maybe later) */
65	if( !(ctx = SSL_CTX_new(TLSv1_2_client_method())) )	65	if( !(ctx = SSL_CTX_new(TLSv1_client_method())) )
66	VC_CTX_ERR_EXIT(store, ctx);	66	VC_CTX_ERR_EXIT(store, ctx);
67		67
68	if( !(store = vc_x509store_create(vc_store)) )	68	if( !(store = vc_x509store_create(vc_store)) )
@@ -70,8 +70,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
70		70
71	SSL_CTX_set_cert_store(ctx, store);	71	SSL_CTX_set_cert_store(ctx, store);
72	store = NULL;	72	store = NULL;
73	/* Disable A LOT of insecure protocols explicitly */	73	/* Disable some insecure protocols explicitly */
74	SSL_CTX_set_options(ctx, SSL_OP_ALL\|SSL_OP_NO_SSLv2\|SSL_OP_NO_SSLv3\|SSL_OP_NO_TLSv1\|SSL_OP_NO_TLSv1_1);	74	SSL_CTX_set_options(ctx, SSL_OP_ALL\|SSL_OP_NO_SSLv2\|SSL_OP_NO_SSLv3);
75	SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");	75	SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
76		76
77	SSL_CTX_set_verify_depth (ctx, 2);	77	SSL_CTX_set_verify_depth (ctx, 2);