aboutsummaryrefslogtreecommitdiffstats
path: root/cups/tls-boringssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'cups/tls-boringssl.c')
-rw-r--r--cups/tls-boringssl.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/cups/tls-boringssl.c b/cups/tls-boringssl.c
index a8b7de54..c3f9abc4 100644
--- a/cups/tls-boringssl.c
+++ b/cups/tls-boringssl.c
@@ -29,7 +29,9 @@
static char *tls_keypath = NULL;
/* Server cert keychain path */
-static int tls_options = -1;/* Options for TLS connections */
+static int tls_options = -1,/* Options for TLS connections */
+ tls_min_version = _HTTP_TLS_1_0,
+ tls_max_version = _HTTP_TLS_MAX;
/*
@@ -309,9 +311,11 @@ _httpTLSRead(http_t *http, /* I - Connection to server */
*/
void
-_httpTLSSetOptions(int options) /* I - Options */
+_httpTLSSetOptions(int options, int min_version, int max_version) /* I - Options */
{
tls_options = options;
+ tls_min_version = min_version;
+ tls_max_version = max_version;
}
@@ -349,8 +353,8 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
}
context = SSL_CTX_new(TLS_method());
- if (tls_options & _HTTP_TLS_DENY_TLS10)
- SSL_CTX_set_min_proto_version(context, TLS1_1_VERSION);
+ SSL_CTX_set_min_proto_version(context, tls_min_version);
+ SSL_CTX_set_max_proto_version(context, tls_max_version);
bio = BIO_new(_httpBIOMethods());
BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-25 04:20:00 +0000