diff options
author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-05-20 01:20:52 +0000 |
---|---|---|
committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-05-20 01:20:52 +0000 |
commit | ee6226a5cbe12e80205659984bfcc663375b27e6 (patch) | |
tree | a4a6509b4a85df0e219ff918564f1d6a01bb2c94 /xcode | |
parent | 3bb59731595c4db5427812e41856930bbd012d82 (diff) | |
download | cups-ee6226a5cbe12e80205659984bfcc663375b27e6.tar.gz |
Add SSLOptions to enable Diffie-Hellman key exchange and disable TLS/1.0.
DH/DHE support is being made optional because of known security issues with short
DH parameters. Since there is no way to conditionally use DH/DHE with a minimum
number of bits, we just have to disable it by default.
TLS/1.0 support can now be disabled due to known security issues with TLS/1.0.
However, since TLS/1.1 and TLS/1.2 support is not universally available, we
cannot simply disable TLS/1.0 like we did for SSL/3.0.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12645 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'xcode')
-rw-r--r-- | xcode/config.h | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/xcode/config.h b/xcode/config.h index 50ff18422..0044da6b2 100644 --- a/xcode/config.h +++ b/xcode/config.h @@ -3,7 +3,7 @@ * * Configuration file for CUPS and Xcode. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 1997-2007 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@ -16,6 +16,8 @@ #ifndef _CUPS_CONFIG_H_ #define _CUPS_CONFIG_H_ +#include <AvailabilityMacros.h> + /* * Version of software... */ @@ -351,6 +353,15 @@ /* + * Do we have (a working) SSLSetEnabledCiphers function? + */ + +#ifdef AVAILABLE_MAC_OS_X_VERSION_10_11_AND_LATER +# define HAVE_SSLSETENABLEDCIPHERS 1 +#endif /* AVAILABLE_MAC_OS_X_VERSION_10_11_AND_LATER */ + + +/* * Do we have libpaper? */ |