diff options
| author |   jca <jca@openbsd.org> | 2019-05-14 05:58:36 +0000 |
|---|---|---|
| committer | jca <jca@openbsd.org> | 2019-05-14 05:58:36 +0000 |
| commit | a98704bb5476dce9029143efa36c630182e4d226 (patch) | |
| tree | ecf8601cd3318eeaf46f087d631eda82770a54df | |
| parent | Use propper regress target to integrate better into test framework. (diff) | |
| download | wireguard-openbsd-a98704bb5476dce9029143efa36c630182e4d226.tar.xz wireguard-openbsd-a98704bb5476dce9029143efa36c630182e4d226.zip | |
Enable TLSv1.0 and TLSv1.1
Like the old ftp. Discussed with at least with tedu@ "We should match
existing behavior at least for now"
| -rw-r--r-- | usr.bin/ftp/http.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.bin/ftp/http.c b/usr.bin/ftp/http.c index d2ac4905973..b1cd217189c 100644 --- a/usr.bin/ftp/http.c +++ b/usr.bin/ftp/http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http.c,v 1.7 2019/05/14 02:30:00 sunil Exp $ */ +/* $OpenBSD: http.c,v 1.8 2019/05/14 05:58:36 jca Exp $ */ /* * Copyright (c) 2015 Sunil Nimmagadda <sunil@openbsd.org> @@ -658,6 +658,10 @@ https_init(char *tls_options) if ((tls_config = tls_config_new()) == NULL) errx(1, "tls_config_new failed"); + if (tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL) != 0) + errx(1, "tls set protocols failed: %s", + tls_config_error(tls_config)); + if (tls_config_set_ciphers(tls_config, "legacy") != 0) errx(1, "tls set ciphers failed: %s", tls_config_error(tls_config)); |