Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
sblim-sfcb.23461
no_tls11_config.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File no_tls11_config.patch of Package sblim-sfcb.23461
Index: sblim-sfcb-1.4.9/control.c =================================================================== --- sblim-sfcb-1.4.9.orig/control.c +++ sblim-sfcb-1.4.9/control.c @@ -177,6 +177,9 @@ static Control init[] = { {"sslEcDhCurveName", CTL_STRING, "secp224r1", {0}}, {"sslNoSSLv3", CTL_BOOL, NULL, {.b=0}}, {"sslNoTLSv1", CTL_BOOL, NULL, {.b=0}}, + {"sslNoTLSv1_1", CTL_BOOL, NULL, {.b=0}}, + {"sslNoTLSv1_2", CTL_BOOL, NULL, {.b=0}}, + {"sslNoTLSv1_3", CTL_BOOL, NULL, {.b=0}}, {"enableSslCipherServerPref", CTL_BOOL, NULL, {.b=0}}, {"registrationDir", CTL_STRING, SFCB_STATEDIR "/registration", {0}}, Index: sblim-sfcb-1.4.9/sfcb.cfg.pre.in =================================================================== --- sblim-sfcb-1.4.9.orig/sfcb.cfg.pre.in +++ sblim-sfcb-1.4.9/sfcb.cfg.pre.in @@ -294,6 +294,9 @@ sslCiphers: ALL:!ADH:!LOW:!EXP:!MD5:@STR ## Default is false for both #sslNoSSLv3: false #sslNoTLSv1: false +#sslNoTLSv1_1: false +#sslNoTLSv1_2: false +#sslNoTLSv1_3: false ## Optionally configure a DH parameters file for ephemeral key generation. ## See man SSL_CTX_set_tmp_dh_callback(3) for details. The value should be Index: sblim-sfcb-1.4.9/httpAdapter.c =================================================================== --- sblim-sfcb-1.4.9.orig/httpAdapter.c +++ sblim-sfcb-1.4.9/httpAdapter.c @@ -2089,13 +2089,27 @@ initSSL() */ long options = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2; +#ifndef SSL_OP_NO_TLSv1_3 +# define SSL_OP_NO_TLSv1_3 0x20000000U +#endif + if (!getControlBool("sslNoSSLv3", &sslopt) && sslopt) options |= SSL_OP_NO_SSLv3; if (!getControlBool("sslNoTLSv1", &sslopt) && sslopt) options |= SSL_OP_NO_TLSv1; - _SFCB_TRACE(1, ("--- sslNoSSLv3=%s, sslNoTLSv1=%s", + if (!getControlBool("sslNoTLSv1_1", &sslopt) && sslopt) + options |= SSL_OP_NO_TLSv1_1; + if (!getControlBool("sslNoTLSv1_2", &sslopt) && sslopt) + options |= SSL_OP_NO_TLSv1_2; + if (!getControlBool("sslNoTLSv1_3", &sslopt) && sslopt) + options |= SSL_OP_NO_TLSv1_3; + _SFCB_TRACE(1, ("--- sslNoSSLv3=%s, sslNoTLSv1=%s, sslNoTLSv1_1=%s, sslNoTLSv1_2=%s, sslNoTLSv1_3=%s", (options & SSL_OP_NO_SSLv3 ? "true" : "false"), - (options & SSL_OP_NO_TLSv1 ? "true" : "false"))); + (options & SSL_OP_NO_TLSv1 ? "true" : "false"), + (options & SSL_OP_NO_TLSv1_1 ? "true" : "false"), + (options & SSL_OP_NO_TLSv1_2 ? "true" : "false"), + (options & SSL_OP_NO_TLSv1_3 ? "true" : "false") + )); if (!getControlBool("enableSslCipherServerPref", &sslopt) && sslopt) { _SFCB_TRACE(1, ("--- enableSslCipherServerPref = true"));
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor