diff options
author | Michael Sweet <michael.r.sweet@gmail.com> | 2017-08-25 16:38:56 -0400 |
---|---|---|
committer | Michael Sweet <michael.r.sweet@gmail.com> | 2017-08-25 16:39:50 -0400 |
commit | 4f272af7bbf4c6f409998e3b1d1f89df4bda8a28 (patch) | |
tree | b894f24fd57f7b2d8ada29aab477d88179066501 /cups/tls-gnutls.c | |
parent | b770b18d0fac2117fb8f0684ea7eef8cf398529c (diff) | |
download | cups-4f272af7bbf4c6f409998e3b1d1f89df4bda8a28.tar.gz |
Support internal "only TLS/1.0" option for tlscheck.
Expand CBC filter on macOS.
Add support for --tls10 and --no-cbc options with tlscheck.
Diffstat (limited to 'cups/tls-gnutls.c')
-rw-r--r-- | cups/tls-gnutls.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c index d77e20789..3f13760b2 100644 --- a/cups/tls-gnutls.c +++ b/cups/tls-gnutls.c @@ -1509,6 +1509,8 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string)); else if (tls_options & _HTTP_TLS_ALLOW_SSL3) strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string)); + else if (tls_options & _HTTP_TLS_ONLY_TLS10) + strlcat(priority_string, ":-VERS-TLS-ALL:-VERS-SSL3.0:+VERS-TLS1.0", sizeof(priority_string)); else strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string)); |