diff options
author | Pascal Ernster <git@hardfalcon.net> | 2017-10-22 22:34:42 +0200 |
---|---|---|
committer | Pascal Ernster <git@hardfalcon.net> | 2017-10-22 22:34:42 +0200 |
commit | fad821594f5ec0b35dcf8535923146a2d9220aac (patch) | |
tree | fcf2ec1c434bdd722ffd3e0e250cd09b22494e42 /cups/tls-gnutls.c | |
parent | f8913c6d2cb5934eb25be2579767255e4147d639 (diff) | |
download | cups-fad821594f5ec0b35dcf8535923146a2d9220aac.tar.gz |
Fix AllowRC4 and AllowSSL3 on GnuTLS platforms
Diffstat (limited to 'cups/tls-gnutls.c')
-rw-r--r-- | cups/tls-gnutls.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c index 4c92b6850..f93274815 100644 --- a/cups/tls-gnutls.c +++ b/cups/tls-gnutls.c @@ -1509,14 +1509,16 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ if (tls_options & _HTTP_TLS_DENY_TLS10) strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string)); else if (tls_options & _HTTP_TLS_ALLOW_SSL3) - strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string)); + strlcat(priority_string, ":+VERS-TLS-ALL:+VERS-SSL3.0", sizeof(priority_string)); else if (tls_options & _HTTP_TLS_ONLY_TLS10) strlcat(priority_string, ":-VERS-TLS-ALL:-VERS-SSL3.0:+VERS-TLS1.0", sizeof(priority_string)); else strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string)); - if (!(tls_options & _HTTP_TLS_ALLOW_RC4)) - strlcat(priority_string, ":-ARCFOUR-128", sizeof(priority_string)); + if (tls_options & _HTTP_TLS_ALLOW_RC4) + strlcat(priority_string, ":+ARCFOUR-128", sizeof(priority_string)); + else + strlcat(priority_string, ":!ARCFOUR-128", sizeof(priority_string)); strlcat(priority_string, ":!ANON-DH", sizeof(priority_string)); |