wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't disable TLS v1.2 by default any more.

Browse source
This commit is contained in:
Dr. Stephen Henson 2011-10-09 23:28:25 +00:00
parent 6b00cd746a
commit 6bd173fced
3 changed files with 0 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apps/s_client.c
View file

@ -1044,9 +1044,6 @@ bad:
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
} }
#endif #endif
/* HACK while TLS v1.2 is disabled by default */
if (!(off & SSL_OP_NO_TLSv1_2))
SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
if (bugs) if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off); SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else else

3
apps/s_server.c
View file

@ -1463,9 +1463,6 @@ bad:
SSL_CTX_set_quiet_shutdown(ctx,1); SSL_CTX_set_quiet_shutdown(ctx,1);
if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
/* HACK while TLS v1.2 is disabled by default */
if (!(off & SSL_OP_NO_TLSv1_2))
SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
SSL_CTX_set_options(ctx,off); SSL_CTX_set_options(ctx,off);
/* DTLS: partial reads end up discarding unread UDP bytes :-( /* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem. * Setting read ahead solves this problem.

2
ssl/ssl_lib.c
View file

@ -1717,8 +1717,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
* deployed might change this. * deployed might change this.
*/ */
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
/* Disable TLS v1.2 by default for now */
ret->options |= SSL_OP_NO_TLSv1_2;
return(ret); return(ret);
err: err: