Hey, ----- Original Message ----- > TLS 1.0 is considered now insecure. > TLS 1.1 was introduced in 2006. > Our SPICE clients uses OpenSSL to use TLS and the support for TLS 1.1 > in OpenSSL was introduced in 2006 too so even in systems like > Windows XP which are not officially supporting TLS 1.0 will work > with SPICE and TLS 1.1. > This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1521053. Yes, this should be fine. Ack. > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > --- > server/reds.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > Changes since v1: > - update comment to be more precise. > > diff --git a/server/reds.c b/server/reds.c > index fa5e838a..a31ed4e9 100644 > --- a/server/reds.c > +++ b/server/reds.c > @@ -2728,10 +2728,10 @@ static int reds_init_ssl(RedsState *reds) > static GOnce openssl_once = G_ONCE_INIT; > const SSL_METHOD *ssl_method; > int return_code; > - /* Limit connection to TLSv1 only. > + /* Limit connection to TLSv1.1 or newer. > * When some other SSL/TLS version becomes obsolete, add it to this > * variable. */ > - long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | > SSL_OP_NO_COMPRESSION; > + long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | > SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1; > > /* Global system initialization*/ > g_once(&openssl_once, openssl_global_init, NULL); > -- > 2.14.3 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/spice-devel > _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel