[PATCH spice-gtk] spice-channel: Disable TLS v1.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



TLS v1.0 is now considered insecure.
The protocol is already disabled on the server side.
To avoid downgrade attacks disable it even on the client.

Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
 src/spice-channel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/spice-channel.c b/src/spice-channel.c
index 4f6a6bc..e39d59b 100644
--- a/src/spice-channel.c
+++ b/src/spice-channel.c
@@ -2539,7 +2539,7 @@ static void *spice_channel_coroutine(void *data)
     int rc, delay_val = 1;
     /* When some other SSL/TLS version becomes obsolete, add it to this
      * variable. */
-    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
 
     CHANNEL_DEBUG(channel, "Started background coroutine %p", &c->coroutine);
 
-- 
2.14.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]