author | Carlos Martín Nieto <cmn@dwim.me> | 2015-03-24 16:31:51 +0100 |
---|---|---|
committer | Carlos Martín Nieto <cmn@dwim.me> | 2015-04-23 17:43:44 +0200 |
commit | 65ac7ddcccbf28158d75cfa4e524500f5fdd5f4e (patch) | |
tree | 24c5b5927736208eb61376a52d845ff7f0bf1c84 | |
parent | 85247df0844501e8017f54bcbccfd3e72bb6c7c1 (diff) | |
download | libgit2-65ac7ddcccbf28158d75cfa4e524500f5fdd5f4e.tar.gz |
SecureTransport: require TLS v1.x
Anything SSL is deprecated. Let's make sure we don't try to use SSL v3
when talking to the server.
-rw-r--r-- | src/stransport_stream.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/stransport_stream.c b/src/stransport_stream.c
index 644a5a7c2..db993ffb7 100644
--- a/src/stransport_stream.c
+++ b/src/stransport_stream.c
@@ -225,6 +225,8 @@ int git_stransport_stream_new(git_stream **out, const char *host, const char *po
 if ((ret = SSLSetIOFuncs(st->ctx, read_cb, write_cb)) != noErr ||
 (ret = SSLSetConnection(st->ctx, st->io)) != noErr ||
 (ret = SSLSetSessionOption(st->ctx, kSSLSessionOptionBreakOnServerAuth, true)) != noErr ||
+ (ret = SSLSetProtocolVersionMin(st->ctx, kTLSProtocol1)) != noErr ||
+ (ret = SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)) != noErr ||
 (ret = SSLSetPeerDomainName(st->ctx, host, strlen(host))) != noErr) {
 git_stream_free((git_stream *)st);
 return stransport_error(ret); |
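Review bot: The added `SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)` line hard-codes a ceiling that the stated goal (never negotiate SSL v3) does not need, since the `SSLSetProtocolVersionMin` call alone excludes SSL. If the maximum is set on purpose, for instance because the framework's default ceiling may be lower on some OS releases (an assumption, not visible here), a comment above the two calls should say so, e.g. `/* SSL is deprecated: floor at TLS 1.0, and set the ceiling explicitly so TLS 1.2 is offered */`; otherwise dropping the line lets the library offer its highest supported version. Note also that `kTLSProtocol1` is TLS 1.0, so the floor still admits the oldest TLS version; `kTLSProtocol11` or `kTLSProtocol12` would be the stricter choice if server compatibility allows. git_stransport_stream_new starts and ends outside the hunk.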