Support internal "only TLS/1.0" option for tlscheck.

Expand CBC filter on macOS. Add support for --tls10 and --no-cbc options with tlscheck.
author: Michael Sweet <michael.r.sweet@gmail.com> 2017-08-25 16:38:56 -0400
committer: Michael Sweet <michael.r.sweet@gmail.com> 2017-08-25 16:39:50 -0400
commit: 4f272af7bbf4c6f409998e3b1d1f89df4bda8a28 (patch)
tree: b894f24fd57f7b2d8ada29aab477d88179066501 /cups/tls-gnutls.c
parent: b770b18d0fac2117fb8f0684ea7eef8cf398529c (diff)
download: cups-4f272af7bbf4c6f409998e3b1d1f89df4bda8a28.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index d77e20789..3f13760b2 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1509,6 +1509,8 @@ _httpTLSStart(http_t *http)		/* I - Connection to server */
     strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string));
   else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
     strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string));
+  else if (tls_options & _HTTP_TLS_ONLY_TLS10)
+    strlcat(priority_string, ":-VERS-TLS-ALL:-VERS-SSL3.0:+VERS-TLS1.0", sizeof(priority_string));
   else
     strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string));
author	Michael Sweet <michael.r.sweet@gmail.com>	2017-08-25 16:38:56 -0400
committer	Michael Sweet <michael.r.sweet@gmail.com>	2017-08-25 16:39:50 -0400
commit	4f272af7bbf4c6f409998e3b1d1f89df4bda8a28 (patch)
tree	b894f24fd57f7b2d8ada29aab477d88179066501 /cups/tls-gnutls.c
parent	b770b18d0fac2117fb8f0684ea7eef8cf398529c (diff)
download	cups-4f272af7bbf4c6f409998e3b1d1f89df4bda8a28.tar.gz