aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorse <se@example.com>2018-01-06 10:10:52 +0000
committerTatsuya Kinoshita <tats@debian.org>2018-01-06 10:10:52 +0000
commit1b23ebf6449de5975f057ead439cc66041249783 (patch)
treef4fd0f29c90d9871331d313fe33998aaf01a542b
parentAccept TERM=fbterm (diff)
downloadw3m-1b23ebf6449de5975f057ead439cc66041249783.tar.gz
w3m-1b23ebf6449de5975f057ead439cc66041249783.zip
Extend ssl_forbid_method to disable TLSv1.1
Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874218#5
Diffstat (limited to '')
-rw-r--r--po/de.po4
-rw-r--r--po/ja.po4
-rw-r--r--po/w3m.pot2
-rw-r--r--po/zh_CN.po4
-rw-r--r--po/zh_TW.po4
-rw-r--r--rc.c2
-rw-r--r--url.c4
7 files changed, 14 insertions, 10 deletions
diff --git a/po/de.po b/po/de.po
index 96489c1..9e8b6f8 100644
--- a/po/de.po
+++ b/po/de.po
@@ -592,8 +592,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
msgstr "Datei mit PEM-kodierten Zertifikaten von CAs"
#: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "Liste unzulässiger SSL-Verfahren (2: SSLv2, 3: SSLv3, t: TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "Liste unzulässiger SSL-Verfahren (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
#: rc.c:208
msgid "Enable cookie processing"
diff --git a/po/ja.po b/po/ja.po
index 3810d30..3285d14 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -583,8 +583,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
msgstr "SSLの認証局のPEM形式証明書群のファイル"
#: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "使わないSSLメソッドのリスト(2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "使わないSSLメソッドのリスト(2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
#: rc.c:208
msgid "Enable cookie processing"
diff --git a/po/w3m.pot b/po/w3m.pot
index 607e26f..405b70a 100644
--- a/po/w3m.pot
+++ b/po/w3m.pot
@@ -582,7 +582,7 @@ msgid "File consisting of PEM encoded certificates of CAs"
msgstr ""
#: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
msgstr ""
#: rc.c:208
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 8cfa8fd..00da93b 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -587,8 +587,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
msgstr "包含 PEM 编码 CA 证书的文件"
#: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
#: rc.c:208
msgid "Enable cookie processing"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 954a4d2..3cb862e 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -587,8 +587,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
msgstr "包含 PEM 編碼 CA 證書的檔案"
#: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
#: rc.c:208
msgid "Enable cookie processing"
diff --git a/rc.c b/rc.c
index 7de87b8..3900fb2 100644
--- a/rc.c
+++ b/rc.c
@@ -202,7 +202,7 @@ static int OptionEncode = FALSE;
#define CMT_SSL_CA_PATH N_("Path to directory for PEM encoded certificates of CAs")
#define CMT_SSL_CA_FILE N_("File consisting of PEM encoded certificates of CAs")
#endif /* USE_SSL_VERIFY */
-#define CMT_SSL_FORBID_METHOD N_("List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)")
+#define CMT_SSL_FORBID_METHOD N_("List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)")
#endif /* USE_SSL */
#ifdef USE_COOKIE
#define CMT_USECOOKIE N_("Enable cookie processing")
diff --git a/url.c b/url.c
index 0378913..aae5a97 100644
--- a/url.c
+++ b/url.c
@@ -338,6 +338,10 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
option |= SSL_OP_NO_TLSv1;
if (strchr(ssl_forbid_method, 'T'))
option |= SSL_OP_NO_TLSv1;
+ if (strchr(ssl_forbid_method, 't1.1'))
+ option |= SSL_OP_NO_TLSv1_1;
+ if (strchr(ssl_forbid_method, 'T1.1'))
+ option |= SSL_OP_NO_TLSv1_1;
}
#ifdef SSL_OP_NO_COMPRESSION
option |= SSL_OP_NO_COMPRESSION;