From 464bdd6b70409a62ee47ff6c9d0ca09d3f90ed76 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 21 Jul 2020 08:33:48 +0200
Subject: [PATCH] SSL_CTX_set_max_proto_version requires openssl 1.1
---
src/ssl/ssl_openssl_impl.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ssl/ssl_openssl_impl.cpp b/src/ssl/ssl_openssl_impl.cpp
index 29d26ef51..3b1124378 100644
--- a/src/ssl/ssl_openssl_impl.cpp
+++ b/src/ssl/ssl_openssl_impl.cpp
@@ -539,8 +539,10 @@ OpenSslContext::OpenSslContext()
, trusted_store_(X509_STORE_new()) {
SSL_CTX_set_cert_store(ssl_ctx_, trusted_store_);
SSL_CTX_set_verify(ssl_ctx_, SSL_VERIFY_NONE, ssl_no_verify_callback);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
// Limit to TLS 1.2 for now. TLS 1.3 has broken the handshake code.
SSL_CTX_set_max_proto_version(ssl_ctx_, TLS1_2_VERSION);
+#endif
#if DEBUG_SSL
SSL_CTX_set_info_callback(ssl_ctx_, ssl_info_callback);
#endif
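Review bot: The return value of `SSL_CTX_set_max_proto_version` on the added guarded line is ignored, so if the call fails the context can still negotiate TLS 1.3, which the comment says the handshake code cannot handle. Checking for a result of 1 and logging or failing context setup would make that visible. The guard should also explain why the older branch needs no fallback, for example `// OpenSSL < 1.1.0 lacks this call and also lacks TLS 1.3, so no cap is needed there.` Because the cap keeps every connection off TLS 1.3, a tracking reference next to "for now" would help it get removed once the handshake code is fixed. No minimum protocol version is set in this hunk; that may be handled elsewhere, since the constructor starts before the hunk and continues after it.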