summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libtls/tls.c')
-rw-r--r--src/lib/libtls/tls.c10
1 files changed, 3 insertions, 7 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 8444169bdc..fdb994d733 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls.c,v 1.97 2023/06/18 11:43:03 op Exp $ */ 1/* $OpenBSD: tls.c,v 1.98 2023/07/02 06:37:27 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -520,16 +520,12 @@ tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
520 520
521 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); 521 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
522 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); 522 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
523 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
524 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
523 525
524 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1);
525 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
526 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2); 526 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
527 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3); 527 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
528 528
529 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
530 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
531 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
532 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
533 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0) 529 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
534 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2); 530 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
535 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0) 531 if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0)