rpms / freerdp

Clone
Source Code
GIT

Blame SOURCES/tls-enable-tls-1.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-alt
  2.   SOURCES
  3.   tls-enable-tls-1.patch
Blob History Raw
0c7016 
diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c
0c7016 
index 106f9cae3..2e3f32d63 100644
0c7016 
--- a/libfreerdp-core/tls.c
0c7016 
+++ b/libfreerdp-core/tls.c
0c7016 
@@ -26,8 +26,9 @@ boolean tls_connect(rdpTls* tls)
0c7016 
 {
0c7016 
 	int connection_status;
0c7016 
 	char *hostname;
0c7016 
+	int options = 0;
0c7016
0c7016 
-	tls->ctx = SSL_CTX_new(TLSv1_client_method());
0c7016 
+	tls->ctx = SSL_CTX_new(SSLv23_client_method());
0c7016
0c7016 
 	if (tls->ctx == NULL)
0c7016 
 	{
0c7016 
@@ -43,7 +44,15 @@ boolean tls_connect(rdpTls* tls)
0c7016 
 	 * block padding is normally used, but the Microsoft TLS implementation
0c7016 
 	 * won't recognize it and will disconnect you after sending a TLS alert.
0c7016 
 	 */
0c7016 
-	SSL_CTX_set_options(tls->ctx, SSL_OP_ALL);
0c7016 
+	options |= SSL_OP_ALL;
0c7016 
+
0c7016 
+	/**
0c7016 
+	 * disable SSLv2 and SSLv3
0c7016 
+	 */
0c7016 
+	options |= SSL_OP_NO_SSLv2;
0c7016 
+	options |= SSL_OP_NO_SSLv3;
0c7016 
+
0c7016 
+	SSL_CTX_set_options(tls->ctx, options);
0c7016
0c7016 
 	tls->ssl = SSL_new(tls->ctx);
0c7016

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation