pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-26 22:48:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

reds: Disable TLS 1.0

Browse Source 
TLS 1.0 is considered now insecure.
TLS 1.1 was introduced in 2006.
Our SPICE clients uses OpenSSL to use TLS and the support for TLS 1.1
in OpenSSL was introduced in 2006 too so even in systems like
Windows XP which are not officially supporting TLS 1.0 will work
with SPICE and TLS 1.1.
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1521053.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
This commit is contained in:
Frediano Ziglio 2018-02-11 18:27:41 +00:00
parent afb90c1640
commit fac12737d5
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/reds.c
View File

@ -2728,10 +2728,10 @@ static int reds_init_ssl(RedsState *reds)
static GOnce openssl_once = G_ONCE_INIT;
const SSL_METHOD *ssl_method;
int return_code;
/* Limit connection to TLSv1 only.
/* Limit connection to TLSv1.1 or newer.
* When some other SSL/TLS version becomes obsolete, add it to this
* variable. */
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
/* Global system initialization*/
g_once(&openssl_once, openssl_global_init, NULL);