Commit 6bd173fc authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Don't disable TLS v1.2 by default any more.

parent 6b00cd74
+0 −3
@@ -1044,9 +1044,6 @@ bad:
		SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
		}
#endif
	/* HACK while TLS v1.2 is disabled by default */
	if (!(off & SSL_OP_NO_TLSv1_2))
		SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
	if (bugs)
		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
	else
+0 −3
@@ -1463,9 +1463,6 @@ bad:
	SSL_CTX_set_quiet_shutdown(ctx,1);
	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
	/* HACK while TLS v1.2 is disabled by default */
	if (!(off & SSL_OP_NO_TLSv1_2))
		SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
	SSL_CTX_set_options(ctx,off);
	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
	 * Setting read ahead solves this problem.
+0 −2
@@ -1717,8 +1717,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
	 * deployed might change this.
	 */
	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
	/* Disable TLS v1.2 by default for now */
	ret->options |= SSL_OP_NO_TLSv1_2;

	return(ret);
err: