authorLinus Nordberg <linus@nordberg.se>2017-11-14 15:45:27 +0100
committerLinus Nordberg <linus@nordberg.se>2017-11-14 15:52:23 +0100
commit49fda337c980ead599c64009f324a00d8a5689e1 (patch)
treedee13a61c695c94c379184f0fe87b67a87e138dc
parent559d7af9af58054b6ae3724e9af22e3624ae3ebd (diff)
Allow TLS versions newer than TLSv1.0.
From radsecproxy commits 025ef1f and be31ab4.
-rw-r--r--radsecproxy/tlscommon.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/radsecproxy/tlscommon.c b/radsecproxy/tlscommon.c
index ed6c4bd..97b5914 100644
--- a/radsecproxy/tlscommon.c
+++ b/radsecproxy/tlscommon.c
@@ -202,9 +202,16 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
switch (type) {
#ifdef RADPROT_TLS
case RAD_TLS:
- ctx = SSL_CTX_new(TLSv1_method());
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ /* TLS_method() was introduced in OpenSSL 1.1.0. */
+ ctx = SSL_CTX_new(TLS_method());
+#else
+ /* No TLS_method(), use SSLv23_method() and disable SSLv2 and SSLv3. */
+ ctx = SSL_CTX_new(SSLv23_method());
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
break;
#endif
+#endif /* RADPROT_TLS */
#ifdef RADPROT_DTLS
case RAD_DTLS:
ctx = SSL_CTX_new(DTLSv1_method());
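Review bot: On OpenSSL 1.1.0 and later the `case RAD_TLS:` arm is left without a `break;`, because the existing `break;` now sits inside the `#else` branch and the first `#endif` closes the `#if OPENSSL_VERSION_NUMBER` block, not `#ifdef RADPROT_TLS`. With RADPROT_DTLS defined, control falls through to `case RAD_DTLS:` and `ctx` is overwritten by `SSL_CTX_new(DTLSv1_method())`, so the TLS context is leaked and the TLS transport ends up with a DTLS method. Close the version conditional before the `break;` so both branches share it, i.e. order the three lines as `#endif`, `break;`, `#endif /* RADPROT_TLS */`. Separately, `SSL_CTX_set_options(ctx, ...)` is called before any NULL check visible in this hunk; if `ctx` is only checked after the switch (the function continues outside the hunk), guard that call with `if (ctx != NULL)`.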