MbedTLS: Disable TLSv1.0

This commit is contained in:
Aaron Jones 2016-12-30 17:54:05 +00:00
parent 35cd299395
commit c3abf98286
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5

View file

@ -153,7 +153,7 @@ rb_ssl_init_fd(rb_fde_t *const F, const rb_fd_tls_direction dir)
return; return;
} }
mbedtls_ssl_config *mbed_config; mbedtls_ssl_config *mbed_config = NULL;
switch(dir) switch(dir)
{ {
@ -233,6 +233,9 @@ rb_mbedtls_cfg_new(void)
mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_min_version(&cfg->server_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
mbedtls_ssl_conf_min_version(&cfg->client_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
#ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE #ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE); mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
#endif #endif