
Since OpenSSL 3, SSL 3.0, TLS 1.0 and 1.1 are enabled on security level 0 only

Source commit: e3258aa4b0246698b9a7660e11c4c420960a9a11
Martin Prikryl %!s(int64=2) %!d(string=hai) anos
pai
achega
6897b31097
Modificáronse 1 ficheiros con 7 adicións e 1 borrados
  1. 7 1
      source/core/NeonIntf.cpp

+ 7 - 1
source/core/NeonIntf.cpp

@@ -542,15 +542,21 @@ UnicodeString __fastcall NeonTlsSessionInfo(
 //---------------------------------------------------------------------------
 void SetupSsl(ssl_st * Ssl, TTlsVersion MinTlsVersion, TTlsVersion MaxTlsVersion)
 {
+  MaxTlsVersion = (TTlsVersion)std::max(MaxTlsVersion, tls10); // the lowest currently supported version
   #define MASK_TLS_VERSION(VERSION, FLAG) ((MinTlsVersion > VERSION) || (MaxTlsVersion < VERSION) ? FLAG : 0)
   int Options =
-    MASK_TLS_VERSION(ssl3, SSL_OP_NO_SSLv3) |
     MASK_TLS_VERSION(tls10, SSL_OP_NO_TLSv1) |
     MASK_TLS_VERSION(tls11, SSL_OP_NO_TLSv1_1) |
     MASK_TLS_VERSION(tls12, SSL_OP_NO_TLSv1_2) |
     MASK_TLS_VERSION(tls13, SSL_OP_NO_TLSv1_3);
   // adds flags (not sets)
   SSL_set_options(Ssl, Options);
+
+  // Since OpenSSL 3, SSL 3.0, TLS 1.0 and 1.1 are enabled on security level 0 only
+  if (MinTlsVersion <= tls11)
+  {
+    SSL_set_security_level(Ssl, 0);
+  }
 }
 //---------------------------------------------------------------------------
 void UpdateNeonDebugMask()
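Review bot: `SSL_set_security_level(Ssl, 0)` at the end of SetupSsl lowers more than the protocol floor: level 0 also switches off OpenSSL's minimum key-size, cipher-strength and signature-digest checks for the whole session, including sessions that negotiate TLS 1.2 or 1.3 while MinTlsVersion is tls10 or tls11. The comment above the branch should say so, for example `// Level 0 also drops OpenSSL's key-size/cipher/digest minimums for this session, not only the protocol floor`. It is also worth confirming that the default MinTlsVersion (not visible in this hunk) does not fall into this branch. Separately, with the `MASK_TLS_VERSION(ssl3, SSL_OP_NO_SSLv3)` line removed, nothing in this function excludes SSL 3.0 any more, so that exclusion now depends on how the linked OpenSSL was built or on options set elsewhere. Starting the expression with `int Options = SSL_OP_NO_SSLv3 |` would keep it explicit.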