On Thu, Apr 05, 2018 at 10:35:55AM +0100, Frediano Ziglio wrote: > TLS v1.0 is now considered insecure. > The protocol is already disabled on the server side. + commit fac12737d > To avoid downgrade attacks disable it even on the client. + Related: https://bugzilla.redhat.com/show_bug.cgi?id=1521053 > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> Should be fine indeed, Acked-by: Victor Toso <victortoso@xxxxxxxxxx> > --- > src/spice-channel.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/spice-channel.c b/src/spice-channel.c > index 4f6a6bc..e39d59b 100644 > --- a/src/spice-channel.c > +++ b/src/spice-channel.c > @@ -2539,7 +2539,7 @@ static void *spice_channel_coroutine(void *data) > int rc, delay_val = 1; > /* When some other SSL/TLS version becomes obsolete, add it to this > * variable. */ > - long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; > + long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1; > > CHANNEL_DEBUG(channel, "Started background coroutine %p", &c->coroutine); > > -- > 2.14.3 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel