disable tls v1.1/1.2 in mutt_ssl_starttls() based on $ssl_use_tlsv1_*

author Michael Elkins <me@sigpipe.org>

Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)

committer Michael Elkins <me@sigpipe.org>

Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)
author Michael Elkins <me@sigpipe.org>
Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)
committer Michael Elkins <me@sigpipe.org>
Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)
diff --git a/mutt_ssl.c b/mutt_ssl.c

index c9e0511927bd8e5c00dc0488d4b9573598e2a79e..ec28b02738f7883bd01c7539c396820ee1e3811c 100644 (file)
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -115,6 +115,18 @@ int mutt_ssl_starttls (CONNECTION* conn)
      dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n"));
      goto bail_ssldata;
    }
+#ifdef SSL_OP_NO_TLSv1_1
+  if (!option(OPTTLSV1_1))
+  {
+    SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_1);
+  }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+  if (!option(OPTTLSV1_2))
+  {
+    SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_2);
+  }
+#endif
  
    ssl_get_client_cert(ssldata, conn);
author	Michael Elkins <me@sigpipe.org>
	Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)
committer	Michael Elkins <me@sigpipe.org>
	Wed, 19 Dec 2012 04:46:33 +0000 (20:46 -0800)