diff options
Diffstat (limited to 'cups/tls-boringssl.c')
-rw-r--r-- | cups/tls-boringssl.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/cups/tls-boringssl.c b/cups/tls-boringssl.c index a8b7de54..c3f9abc4 100644 --- a/cups/tls-boringssl.c +++ b/cups/tls-boringssl.c @@ -29,7 +29,9 @@ static char *tls_keypath = NULL; /* Server cert keychain path */ -static int tls_options = -1;/* Options for TLS connections */ +static int tls_options = -1,/* Options for TLS connections */ + tls_min_version = _HTTP_TLS_1_0, + tls_max_version = _HTTP_TLS_MAX; /* @@ -309,9 +311,11 @@ _httpTLSRead(http_t *http, /* I - Connection to server */ */ void -_httpTLSSetOptions(int options) /* I - Options */ +_httpTLSSetOptions(int options, int min_version, int max_version) /* I - Options */ { tls_options = options; + tls_min_version = min_version; + tls_max_version = max_version; } @@ -349,8 +353,8 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ } context = SSL_CTX_new(TLS_method()); - if (tls_options & _HTTP_TLS_DENY_TLS10) - SSL_CTX_set_min_proto_version(context, TLS1_1_VERSION); + SSL_CTX_set_min_proto_version(context, tls_min_version); + SSL_CTX_set_max_proto_version(context, tls_max_version); bio = BIO_new(_httpBIOMethods()); BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http); |