Extend ssl_forbid_method to disable TLSv1.1

Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874218#5
2018-01-06 19:10:52 +09:00
parent d7afaf6808
commit 1b23ebf644
7 changed files with 14 additions and 10 deletions
--- a/url.c
+++ b/url.c
@@ -338,6 +338,10 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 		option |= SSL_OP_NO_TLSv1;
 	    if (strchr(ssl_forbid_method, 'T'))
 		option |= SSL_OP_NO_TLSv1;
+	    if (strchr(ssl_forbid_method, 't1.1'))
+		option |= SSL_OP_NO_TLSv1_1;
+	    if (strchr(ssl_forbid_method, 'T1.1'))
+		option |= SSL_OP_NO_TLSv1_1;
 	}
 #ifdef SSL_OP_NO_COMPRESSION
 	option |= SSL_OP_NO_COMPRESSION;