From adbdd017d532b5548190a815041bed5e5a60ed2f Mon Sep 17 00:00:00 2001 From: hiro Date: Mon, 21 Dec 2015 06:50:35 +0000 Subject: enabled TLSv1.1 and TLSv1.2 for STARTTLS. git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@3502 ee746299-78ed-0310-b773-934348b2243d --- libsylph/ssl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'libsylph') diff --git a/libsylph/ssl.c b/libsylph/ssl.c index 4763a741..6ab2fba2 100644 --- a/libsylph/ssl.c +++ b/libsylph/ssl.c @@ -137,11 +137,15 @@ void ssl_init(void) g_warning("SSLv23 SSL_CTX_load_verify_locations failed.\n"); } - ssl_ctx_TLSv1 = SSL_CTX_new(TLSv1_client_method()); + /* ssl_ctx_TLSv1 = SSL_CTX_new(TLSv1_client_method()); */ + ssl_ctx_TLSv1 = SSL_CTX_new(SSLv23_client_method()); if (ssl_ctx_TLSv1 == NULL) { debug_print(_("TLSv1 not available\n")); } else { debug_print(_("TLSv1 available\n")); + /* disable SSLv2/SSLv3 */ + SSL_CTX_set_options(ssl_ctx_TLSv1, + SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3); if ((certs_file || certs_dir) && !SSL_CTX_load_verify_locations(ssl_ctx_TLSv1, certs_file, certs_dir)) @@ -270,6 +274,8 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method) debug_print(_("SSL connection using %s\n"), SSL_get_cipher(sockinfo->ssl)); + debug_print("SSL protocol version: %s\n", + SSL_get_version(sockinfo->ssl)); /* Get server's certificate (note: beware of dynamic allocation) */ -- cgit v1.2.3