mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: enable tls 1+

Browse Source 
Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
To be able to also use TLS 1.1 and later use SSLv23_client_method
instead. To make sure SSLv2 or SSLv3 isn't used disable them.
This commit is contained in:
Bernhard Miklautz 2016-01-12 17:43:14 +01:00
parent 9b8b1d6480
commit aa80f63b4a
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libfreerdp/crypto/tls.c
View File

@ -798,7 +798,13 @@ int tls_connect(rdpTls* tls, BIO* underlying)
*/
options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
if (!tls_prepare(tls, underlying, TLSv1_client_method(), options, TRUE))
/**
* disable SSLv2 and SSLv3
*/
options |= SSL_OP_NO_SSLv2;
options |= SSL_OP_NO_SSLv3;
if (!tls_prepare(tls, underlying, SSLv23_client_method(), options, TRUE))
return FALSE;
return tls_do_handshake(tls, TRUE);