]> jfr.im git - irc/charybdis-ircd/charybdis.git/commitdiff
projects / irc / charybdis-ircd / charybdis.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: 35cd299)
MbedTLS: Disable TLSv1.0
authorAaron Jones <redacted>
Fri, 30 Dec 2016 17:54:05 +0000 (17:54 +0000)
committerAaron Jones <redacted>
Fri, 30 Dec 2016 17:59:48 +0000 (17:59 +0000)
librb/src/mbedtls.c patch | blob | blame | history

diff --git a/librb/src/mbedtls.c b/librb/src/mbedtls.c
index 1f3c94605388eb065e3422c7e1935ad56d4739e8..0787356805fa222462a75b77a0c8ec4b422cd7ae 100644 (file)
--- a/librb/src/mbedtls.c
+++ b/librb/src/mbedtls.c
@@ -153,7 +153,7 @@ rb_ssl_init_fd(rb_fde_t *const F, const rb_fd_tls_direction dir)
                return;
        }
 
-       mbedtls_ssl_config *mbed_config;
+       mbedtls_ssl_config *mbed_config = NULL;
 
        switch(dir)
        {
@@ -233,6 +233,9 @@ rb_mbedtls_cfg_new(void)
        mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL);
        mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE);
 
+       mbedtls_ssl_conf_min_version(&cfg->server_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
+       mbedtls_ssl_conf_min_version(&cfg->client_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
+
        #ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
        mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
        #endif
Unnamed repository; edit this file 'description' to name the repository.