[PATCH spice-gtk v2] spice-channel: Disable TLS v1.0

TLS v1.0 is now considered insecure.
The protocol is already disabled on the server side (cfr commit
fac12737d "reds: Disable TLS 1.0").
To avoid downgrade attacks disable it even on the client.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1521053

Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
 src/spice-channel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Changes since v1:
- updated commit message.

diff --git a/src/spice-channel.c b/src/spice-channel.c
index 4f6a6bc..e39d59b 100644
--- a/src/spice-channel.c
+++ b/src/spice-channel.c
@@ -2539,7 +2539,7 @@ static void *spice_channel_coroutine(void *data)
     int rc, delay_val = 1;
     /* When some other SSL/TLS version becomes obsolete, add it to this
      * variable. */
-    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
 
     CHANNEL_DEBUG(channel, "Started background coroutine %p", &c->coroutine);
 
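Review bot: The ssl_options initializer still extends a per-version denylist, so after this change TLS 1.1 remains enabled and each future deprecation needs another SSL_OP_NO_* flag added here, as the comment above the variable already notes. Where the OpenSSL being built against is 1.1.0 or later, setting a floor on the SSL_CTX with SSL_CTX_set_min_proto_version() would state the policy once; on older OpenSSL the flag is the right tool. It would also help to update that comment to record which versions are now refused, and to confirm that a handshake failure against a server offering only TLS 1.0 is reported in a way that tells the user the protocol version was the cause.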
-- 
2.14.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel



