summaryrefslogtreecommitdiff
path: root/cups/tls-gnutls.c
diff options
context:
space:
mode:
authorPascal Ernster <git@hardfalcon.net>2017-10-22 22:34:42 +0200
committerPascal Ernster <git@hardfalcon.net>2017-10-22 22:34:42 +0200
commitfad821594f5ec0b35dcf8535923146a2d9220aac (patch)
treefcf2ec1c434bdd722ffd3e0e250cd09b22494e42 /cups/tls-gnutls.c
parentf8913c6d2cb5934eb25be2579767255e4147d639 (diff)
downloadcups-fad821594f5ec0b35dcf8535923146a2d9220aac.tar.gz
Fix AllowRC4 and AllowSSL3 on GnuTLS platforms
Diffstat (limited to 'cups/tls-gnutls.c')
-rw-r--r--cups/tls-gnutls.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 4c92b6850..f93274815 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1509,14 +1509,16 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
if (tls_options & _HTTP_TLS_DENY_TLS10)
strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string));
else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
- strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string));
+ strlcat(priority_string, ":+VERS-TLS-ALL:+VERS-SSL3.0", sizeof(priority_string));
else if (tls_options & _HTTP_TLS_ONLY_TLS10)
strlcat(priority_string, ":-VERS-TLS-ALL:-VERS-SSL3.0:+VERS-TLS1.0", sizeof(priority_string));
else
strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string));
- if (!(tls_options & _HTTP_TLS_ALLOW_RC4))
- strlcat(priority_string, ":-ARCFOUR-128", sizeof(priority_string));
+ if (tls_options & _HTTP_TLS_ALLOW_RC4)
+ strlcat(priority_string, ":+ARCFOUR-128", sizeof(priority_string));
+ else
+ strlcat(priority_string, ":!ARCFOUR-128", sizeof(priority_string));
strlcat(priority_string, ":!ANON-DH", sizeof(priority_string));
View Lorry Controller Status