From 65ac7ddcccbf28158d75cfa4e524500f5fdd5f4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?=
Date: Tue, 24 Mar 2015 16:31:51 +0100
Subject: SecureTransport: require TLS v1.x

Anything SSL is deprecated. Let's make sure we don't try to use SSL v3 when talking to the server.
---
 src/stransport_stream.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/stransport_stream.c b/src/stransport_stream.c
index 644a5a7c2..db993ffb7 100644
--- a/src/stransport_stream.c
+++ b/src/stransport_stream.c
@@ -225,6 +225,8 @@ int git_stransport_stream_new(git_stream **out, const char *host, const char *po
 if ((ret = SSLSetIOFuncs(st->ctx, read_cb, write_cb)) != noErr ||
 (ret = SSLSetConnection(st->ctx, st->io)) != noErr ||
 (ret = SSLSetSessionOption(st->ctx, kSSLSessionOptionBreakOnServerAuth, true)) != noErr ||
+ (ret = SSLSetProtocolVersionMin(st->ctx, kTLSProtocol1)) != noErr ||
+ (ret = SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)) != noErr ||
 (ret = SSLSetPeerDomainName(st->ctx, host, strlen(host))) != noErr) {
 git_stream_free((git_stream *)st);
 return stransport_error(ret);
-- 
cgit v1.2.1
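Review bot: The added `SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)` call is not needed to keep SSL v3 out, and it hard-codes a ceiling so this stream can never negotiate anything newer than TLS 1.2 even if the platform later offers it; the floor set by `SSLSetProtocolVersionMin` alone delivers what the commit message asks for. I would drop the Max line, or keep it with a comment such as `/* cap at TLS 1.2: <reason> */` so the limit is a recorded decision rather than an accident. Separately, a floor of `kTLSProtocol1` still admits TLS 1.0, which has known weaknesses of its own; consider `kTLSProtocol12` (or at least `kTLSProtocol11`) if the servers this has to talk to allow it. The `if` chain sits inside git_stransport_stream_new, whose body starts and ends outside the hunk.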