From af7d95c9aac6530c089d4fdd4662aa28af13f30f Mon Sep 17 00:00:00 2001
From: Michael Elkins
Date: Tue, 18 Dec 2012 20:46:33 -0800
Subject: [PATCH] disable tls v1.1/1.2 in mutt_ssl_starttls() based on $ssl_use_tlsv1_* see #3571
---
 mutt_ssl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/mutt_ssl.c b/mutt_ssl.c
index c9e051192..ec28b0273 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -115,6 +115,18 @@ int mutt_ssl_starttls (CONNECTION* conn)
 dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n"));
 goto bail_ssldata;
 }
+#ifdef SSL_OP_NO_TLSv1_1
+ if (!option(OPTTLSV1_1))
+ {
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_1);
+ }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+ if (!option(OPTTLSV1_2))
+ {
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_2);
+ }
+#endif
 ssl_get_client_cert(ssldata, conn);
-- 
2.40.0
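Review bot: The added block can only switch off TLS 1.1 and 1.2 on the STARTTLS context; nothing in this hunk disables the older protocol versions, so unsetting both options leaves the session on the oldest versions the library will negotiate. The `SSL_CTX` is created above the hunk, so this depends on the method used there, but if it is a version-negotiating one I would also add, under matching `#ifdef` guards, `SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` unconditionally and gate `SSL_OP_NO_TLSv1` on `option(OPTTLSV1)`. A one-line comment above the block, such as `/* only TLS is valid after STARTTLS; the version options can only narrow what is offered */`, would record the intent. As a style point, the two branches could OR their flags into one local and call `SSL_CTX_set_options` once.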