From 59bd213cf007f36b2a857785e647bd3f9972fbc3 Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek
Date: Thu, 23 Feb 2012 00:38:52 +0100
Subject: [PATCH] Accept both TLSv1 and SSLv3 as a server. This fixes SSL connections from Microsoft RDC for Mac OS X to FreeRDP server.
---
 libfreerdp-crypto/tls.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libfreerdp-crypto/tls.c b/libfreerdp-crypto/tls.c
index b6956b691..9185d0013 100644
--- a/libfreerdp-crypto/tls.c
+++ b/libfreerdp-crypto/tls.c
@@ -128,7 +128,7 @@ boolean tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_fi
 {
 int connection_status;

- tls->ctx = SSL_CTX_new(TLSv1_server_method());
+ tls->ctx = SSL_CTX_new(SSLv23_server_method());

 if (tls->ctx == NULL)
 {
@@ -136,6 +136,12 @@ boolean tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_fi
 return false;
 }

+ /*
+ * We only want SSLv3 and TLSv1, so disable SSLv2.
+ * SSLv3 is used by, eg. Microsoft RDC for Mac OS X.
+ */
+ SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2);
+
 if (SSL_CTX_use_RSAPrivateKey_file(tls->ctx, privatekey_file, SSL_FILETYPE_PEM) <= 0)
 {
 printf("SSL_CTX_use_RSAPrivateKey_file failed\n");
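Review bot: The move to `SSLv23_server_method()` in tls_accept is unconditional, so every server built from this code now accepts SSLv3 from any peer, not just the Mac RDC client the commit message names. SSLv3 is the weakest protocol left enabled, and a peer that retries at lower versions can end up on it even when both sides support TLSv1. I would keep the flexible method but refuse SSLv3 by default, `SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, and drop `SSL_OP_NO_SSLv3` only when a server-side compatibility setting asks for it. tls_accept starts before this hunk and continues past it, so whether such a setting is already reachable from `tls` is not visible here.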
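Review bot: The added comment says only SSLv3 and TLSv1 are wanted, but nothing in the hunk pins that: with `SSLv23_server_method()` the context negotiates every version the linked OpenSSL supports above SSLv2, which would include later TLS versions where the library has them. The comment should describe what the code does, for example `/* Negotiate the highest version both peers support; SSLv2 is refused, SSLv3 is kept only for clients such as Microsoft RDC for Mac OS X. */`. Since SSLv3 sessions are now possible, logging the result of `SSL_get_version()` once the handshake completes would let operators see which clients still depend on it; the handshake code is outside this hunk.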