disable tls v1.1/1.2 in mutt_ssl_starttls() based on $ssl_use_tlsv1_*
authorMichael Elkins <me@sigpipe.org>
Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)
committerMichael Elkins <me@sigpipe.org>
Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)
see #3571

mutt_ssl.c

index c9e0511927bd8e5c00dc0488d4b9573598e2a79e..ec28b02738f7883bd01c7539c396820ee1e3811c 100644 (file)
@@ -115,6 +115,18 @@ int mutt_ssl_starttls (CONNECTION* conn)
     dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n"));
     goto bail_ssldata;
   }
+#ifdef SSL_OP_NO_TLSv1_1
+  if (!option(OPTTLSV1_1))
+  {
+    SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_1);
+  }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+  if (!option(OPTTLSV1_2))
+  {
+    SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_2);
+  }
+#endif
 
   ssl_get_client_cert(ssldata, conn);
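Review bot: The two added blocks switch TLSv1.1 and TLSv1.2 off independently, so unsetting only $ssl_use_tlsv1_1 leaves a hole in the enabled protocol range (1.0 and 1.2 on, 1.1 off), which OpenSSL's SSL_CTX_new documentation advises applications to avoid. Nothing here warns about that combination, and unsetting both options silently limits the STARTTLS session to whatever older versions remain enabled. A debug line would make the effective policy visible, e.g. `if (!option(OPTTLSV1_1) && option(OPTTLSV1_2)) dprint (1, (debugfile, "mutt_ssl_starttls: TLSv1.1 disabled while TLSv1.2 is enabled\n"));`, together with a short comment above the `#ifdef` blocks saying the options are only honoured when the OpenSSL headers define the corresponding `SSL_OP_NO_*` macro. The hunk does not show how mutt_ssl_starttls() handles `SSL_OP_NO_SSLv2`/`SSL_OP_NO_SSLv3` or $ssl_use_tlsv1, because the function starts and ends outside it, so confirm those are handled consistently with the non-STARTTLS path.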