diff options
| author | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2019-05-14 05:58:37 +0000 |
|---|---|---|
| committer | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2019-05-14 05:58:37 +0000 |
| commit | 66bb96c3a3bf122d75175f97ed96d07e020e4c26 (patch) | |
| tree | 1b5a5af3bff11189767335adb79e0d4308e28ea8 /usr.bin | |
| parent | 68bca40dcb790336720f8cf7665de220eae1db30 (diff) | |
Enable TLSv1.0 and TLSv1.1
Like the old ftp. Discussed with at least with tedu@ "We should match
existing behavior at least for now"
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ftp/http.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.bin/ftp/http.c b/usr.bin/ftp/http.c index d2ac4905973..b1cd217189c 100644 --- a/usr.bin/ftp/http.c +++ b/usr.bin/ftp/http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http.c,v 1.7 2019/05/14 02:30:00 sunil Exp $ */ +/* $OpenBSD: http.c,v 1.8 2019/05/14 05:58:36 jca Exp $ */ /* * Copyright (c) 2015 Sunil Nimmagadda <sunil@openbsd.org> @@ -658,6 +658,10 @@ https_init(char *tls_options) if ((tls_config = tls_config_new()) == NULL) errx(1, "tls_config_new failed"); + if (tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL) != 0) + errx(1, "tls set protocols failed: %s", + tls_config_error(tls_config)); + if (tls_config_set_ciphers(tls_config, "legacy") != 0) errx(1, "tls set ciphers failed: %s", tls_config_error(tls_config)); |