return NULL;
}
+static int disable_tls_11_and_12 = 0;
static SSL_CTX *the_ssl_ctx = NULL;
static SSL_CTX *
{
if (the_ssl_ctx)
return the_ssl_ctx;
- return (the_ssl_ctx = SSL_CTX_new(SSLv23_method()));
+ the_ssl_ctx = SSL_CTX_new(SSLv23_method());
+ if (!the_ssl_ctx)
+ return NULL;
+ if (disable_tls_11_and_12) {
+#ifdef SSL_OP_NO_TLSv1_2
+ SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+ SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
+#endif
+ }
+ return the_ssl_ctx;
}
static void
init_ssl();
+ if (strstr((char*)data->setup_data, "renegotiate")) {
+ if (SSLeay() >= 0x10001000 &&
+ SSLeay() < 0x1000104f) {
+ /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
+ * can't renegotiate with themselves. Disable. */
+ disable_tls_11_and_12 = 1;
+ }
+ renegotiate_at = 600;
+ }
+
ssl1 = SSL_new(get_ssl_ctx());
ssl2 = SSL_new(get_ssl_ctx());
if (! start_open)
flags |= BEV_OPT_CLOSE_ON_FREE;
- if (strstr((char*)data->setup_data, "renegotiate"))
- renegotiate_at = 600;
-
if (!filter) {
tt_assert(strstr((char*)data->setup_data, "socketpair"));
fd_pair = data->pair;