Adding special TLS protocol names that disable client renegotiation.

author: Andrej Podzimek 2020-12-01 20:07:19 +0100
committer: Andrej Podzimek 2020-12-01 20:07:19 +0100
commit: d0fbff5dffafb9169a268f4482921d2d5a9fcc7a (patch)
tree: 6f4566790f13e69b6c0c7eddbeab27017c3b3cc2 /tcpd
parent: f2db409949ad94d4fc175d04ebd72bda3bd1df4e (diff)
download: courier-libs-d0fbff5dffafb9169a268f4482921d2d5a9fcc7a.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 1f5a40f..246b90d 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -66,12 +66,14 @@ struct proto_ops op_list[] =
 {
 #ifdef SSL_OP_NO_TLSv1
 #ifdef SSL_OP_NO_TLSv1_1
+    { "TLSv1.2++", &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION },
     { "TLSv1.2+",  &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
     { "TLSv1.2",   &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
 #endif
 #endif
 
 #ifdef SSL_OP_NO_TLSv1
+    { "TLSv1.1++", &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_RENEGOTIATION },
     { "TLSv1.1+",  &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1 },
     { "TLSv1.1",   &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1 },
 #endif
author	Andrej Podzimek	2020-12-01 20:07:19 +0100
committer	Andrej Podzimek	2020-12-01 20:07:19 +0100
commit	d0fbff5dffafb9169a268f4482921d2d5a9fcc7a (patch)
tree	6f4566790f13e69b6c0c7eddbeab27017c3b3cc2 /tcpd
parent	f2db409949ad94d4fc175d04ebd72bda3bd1df4e (diff)
download	courier-libs-d0fbff5dffafb9169a268f4482921d2d5a9fcc7a.tar.bz2