* remove obsolete SSLv23_client_method in tls_connect()

* set minimum TLS version
Christian Gall 2018-11-18 14:09:37 +00:00
parent 621ade9b84
commit fffe4f077a


@ -650,6 +650,11 @@ static BOOL tls_prepare(rdpTls* tls, BIO* underlying, SSL_METHOD* method,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_options(tls->ctx, options);
SSL_CTX_set_read_ahead(tls->ctx, 1);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_min_proto_version(tls->ctx, TLS1_VERSION); /* min version */
SSL_CTX_set_max_proto_version(tls->ctx, 0); /* highest supported version by library */
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_security_level(tls->ctx, settings->TlsSecLevel);
@ -840,6 +845,8 @@ int tls_connect(rdpTls* tls, BIO* underlying)
* support empty fragments. This needs to be disabled.
*/
options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/**
* disable SSLv2 and SSLv3
*/
@ -847,6 +854,9 @@ int tls_connect(rdpTls* tls, BIO* underlying)
options |= SSL_OP_NO_SSLv3;
if (!tls_prepare(tls, underlying, SSLv23_client_method(), options, TRUE))
#else
if (!tls_prepare(tls, underlying, TLS_client_method(), options, TRUE))
#endif
return FALSE;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER)
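Review bot: The return values of `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` in the tls_prepare hunk are dropped; both return 0 on failure (for example when the library was built without the requested protocol), so a rejected floor would silently leave the context at the library default instead of the intended one. I would check them alongside the other setup calls, e.g. `if (!SSL_CTX_set_min_proto_version(tls->ctx, TLS1_VERSION) || !SSL_CTX_set_max_proto_version(tls->ctx, 0)) return FALSE;`, applying whatever cleanup tls_prepare's other failure paths do — its body starts above the hunk, so that path is not visible here. The floor is also hard-coded to TLS 1.0 with only `/* min version */` as explanation; a why-comment such as `/* TLS 1.0 floor, presumably for legacy RDP peers; SSLv2/3 stay disabled via SSL_OP_NO_SSLv* on pre-1.1.0 builds. Consider TLS1_2_VERSION once such peers are gone. */` would record the trade-off for the next maintainer. Note that with LibreSSL both the new `SSL_CTX_set_min_proto_version` path and the legacy `SSLv23_client_method()` path in tls_connect compile in, since `defined(LIBRESSL_VERSION_NUMBER)` appears in both `#if` conditions — harmless as far as I can tell, but worth a comment so nobody "fixes" one without the other.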