diff options
| author | Idan Freiberg <speidy@gmail.com> | 2018-04-05 08:04:06 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-04-05 08:04:06 +0300 |
| commit | c9477d1d987392a6e72cce22740f300c0831de17 (patch) | |
| tree | 36a61ef47ce1f02f08b2ca1d0bd8a60048661011 | |
| parent | b89829b6cc74cef1d1eca0d39793764ac0146582 (diff) | |
| parent | e723ba07959dfd6da0795b9f7f93c979657af8c8 (diff) | |
Merge pull request #16 from speidy/tls_negotiate_protocol
libfreerdp-core: tls: negotiate TLS protocol version.
| -rw-r--r-- | libfreerdp-core/tls.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c index e1530e3..1e79da7 100644 --- a/libfreerdp-core/tls.c +++ b/libfreerdp-core/tls.c @@ -35,7 +35,7 @@ tbool tls_connect(rdpTls* tls) int connection_status; LLOGLN(10, ("tls_connect:")); - tls->ctx = SSL_CTX_new(TLSv1_client_method()); + tls->ctx = SSL_CTX_new(SSLv23_client_method()); if (tls->ctx == NULL) { @@ -52,6 +52,9 @@ tbool tls_connect(rdpTls* tls) * won't recognize it and will disconnect you after sending a TLS alert. */ SSL_CTX_set_options(tls->ctx, SSL_OP_ALL); + + // Explicitly disable deprecated SSL protocols + SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); tls->ssl = SSL_new(tls->ctx); |