|
@@ -3177,6 +3177,19 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|
|
#endif /* SSL_clear_options */
|
|
|
#endif /* SSL_OP_NO_TICKET */
|
|
|
|
|
|
+#ifdef SSL_OP_NO_TLSv1_1
|
|
|
+ if (params->flags & TLS_CONN_DISABLE_TLSv1_1)
|
|
|
+ SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
|
|
|
+ else
|
|
|
+ SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1);
|
|
|
+#endif /* SSL_OP_NO_TLSv1_1 */
|
|
|
+#ifdef SSL_OP_NO_TLSv1_2
|
|
|
+ if (params->flags & TLS_CONN_DISABLE_TLSv1_2)
|
|
|
+ SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2);
|
|
|
+ else
|
|
|
+ SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2);
|
|
|
+#endif /* SSL_OP_NO_TLSv1_2 */
|
|
|
+
|
|
|
#ifdef HAVE_OCSP
|
|
|
if (params->flags & TLS_CONN_REQUEST_OCSP) {
|
|
|
SSL_CTX *ssl_ctx = tls_ctx;
|