Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

OpenSSL: Allow TLS v1.1 and v1.2 to be negotiated by default

Use SSLv23_method() to enable TLS version negotiation for any version
equal to or newer than 1.0. If the old behavior is needed as a
workaround for some broken authentication servers, it can be configured
with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
281ff42a01
commit
35efa2479f
1 changed files with 4 additions and 1 deletions
Split View Show Diff Stats
  1. 4 1
      src/crypto/tls_openssl.c

+ 4 - 1
src/crypto/tls_openssl.c
View File 

@@ -810,7 +810,7 @@ void * tls_init(const struct tls_config *conf)
 
 	}
 
 	tls_openssl_ref_count++;
 
 
-	ssl = SSL_CTX_new(TLSv1_method());
 
+	ssl = SSL_CTX_new(SSLv23_method());
 
 	if (ssl == NULL) {
 
 		tls_openssl_ref_count--;
 
 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
 
@@ -824,6 +824,9 @@ void * tls_init(const struct tls_config *conf)
 
 		return NULL;
 
 	}
 
 
+	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
 
+	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
 
+
 
 	SSL_CTX_set_info_callback(ssl, ssl_info_cb);
 
 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
 
 	SSL_CTX_set_app_data(ssl, context);