From af7d95c9aac6530c089d4fdd4662aa28af13f30f Mon Sep 17 00:00:00 2001
From: Michael Elkins <me@mutt.org>
Date: Tue, 18 Dec 2012 20:46:33 -0800
Subject: [PATCH] disable tls v1.1/1.2 in mutt_ssl_starttls() based on
 $ssl_use_tlsv1_*

see #3571
---
 mutt_ssl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/mutt_ssl.c b/mutt_ssl.c
index c9e051192..ec28b0273 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -115,6 +115,18 @@ int mutt_ssl_starttls (CONNECTION* conn)
     dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n"));
     goto bail_ssldata;
   }
+#ifdef SSL_OP_NO_TLSv1_1
+  if (!option(OPTTLSV1_1))
+  {
+    SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_1);
+  }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+  if (!option(OPTTLSV1_2))
+  {
+    SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_2);
+  }
+#endif
 
   ssl_get_client_cert(ssldata, conn);
 
-- 
2.40.0