From d0fbff5dffafb9169a268f4482921d2d5a9fcc7a Mon Sep 17 00:00:00 2001 From: Andrej Podzimek Date: Tue, 1 Dec 2020 20:07:19 +0100 Subject: Adding special TLS protocol names that disable client renegotiation. --- tcpd/libcouriertls.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tcpd') diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c index 1f5a40f..246b90d 100644 --- a/tcpd/libcouriertls.c +++ b/tcpd/libcouriertls.c @@ -66,12 +66,14 @@ struct proto_ops op_list[] = { #ifdef SSL_OP_NO_TLSv1 #ifdef SSL_OP_NO_TLSv1_1 + { "TLSv1.2++", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION }, { "TLSv1.2+", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 }, { "TLSv1.2", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 }, #endif #endif #ifdef SSL_OP_NO_TLSv1 + { "TLSv1.1++", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_RENEGOTIATION }, { "TLSv1.1+", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1 }, { "TLSv1.1", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1 }, #endif -- cgit v1.2.3
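Review bot: The two added rows (`"TLSv1.2++"` and `"TLSv1.1++"`) reference `SSL_OP_NO_RENEGOTIATION` but sit only under the existing `#ifdef SSL_OP_NO_TLSv1` / `#ifdef SSL_OP_NO_TLSv1_1` guards, so the build breaks against any TLS library whose headers define those macros but not the renegotiation flag. Wrap each new row in its own `#ifdef SSL_OP_NO_RENEGOTIATION` … `#endif`, following the guard style the table already uses for optional flags. With that guard in place a `++` name may not exist on older libraries; the lookup code is outside this hunk, so please confirm that an unknown protocol name is rejected rather than silently falling back to a default that still allows renegotiation. The suffix also deserves a short comment above the rows, for example `/* "++": same as "+", but renegotiation is refused (SSL_OP_NO_RENEGOTIATION) */`. The OpenSSL documentation describes this flag as disabling all renegotiation in TLSv1.2 and earlier, not only client-initiated renegotiation as the subject line suggests. `op_list` begins and ends outside the hunk.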