1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
From: Kyle Robbertze <paddatrapper@debian.org>
Date: Mon, 29 Jul 2019 12:46:02 -0300
Subject: Remove TLS 1, 1.1 and 1.2 support
These are deprecated upstream
---
src/ssl_stubs.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/ssl_stubs.c b/src/ssl_stubs.c
index 3d431b8..293ba19 100644
--- a/src/ssl_stubs.c
+++ b/src/ssl_stubs.c
@@ -58,6 +58,8 @@
#include <pthread.h>
#endif
+#define DEBIAN_DISABLE_TLS1
+
static int client_verify_callback(int, X509_STORE_CTX *);
static DH *load_dh_param(const char *dhfile);
@@ -329,6 +331,7 @@ static const SSL_METHOD *get_method(int protocol, int type)
#endif
case 2:
+#ifndef DEBIAN_DISABLE_TLS1
switch (type)
{
case 0:
@@ -343,10 +346,12 @@ static const SSL_METHOD *get_method(int protocol, int type)
method = TLSv1_method();
break;
}
+#endif
break;
case 3:
#ifdef HAVE_TLS11
+#ifndef DEBIAN_DISABLE_TLS1
switch (type)
{
case 0:
@@ -361,11 +366,13 @@ static const SSL_METHOD *get_method(int protocol, int type)
method = TLSv1_1_method();
break;
}
+#endif
#endif
break;
case 4:
#ifdef HAVE_TLS12
+#ifndef DEBIAN_DISABLE_TLS1
switch (type)
{
case 0:
@@ -380,6 +387,7 @@ static const SSL_METHOD *get_method(int protocol, int type)
method = TLSv1_2_method();
break;
}
+#endif
#endif
break;
|
