Extend ssl_forbid_method to disable TLSv1.1

Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874218#5

7 files changed, 14 insertions, 10 deletions

diff --git a/po/de.po b/po/de.po
index 96489c1..9e8b6f8 100644
--- a/po/de.po
+++ b/po/de.po
@@ -592,8 +592,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
 msgstr "Datei mit PEM-kodierten Zertifikaten von CAs"
 
 #: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "Liste unzulässiger SSL-Verfahren (2: SSLv2, 3: SSLv3, t: TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "Liste unzulässiger SSL-Verfahren (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
 
 #: rc.c:208
 msgid "Enable cookie processing"
diff --git a/po/ja.po b/po/ja.po
index 3810d30..3285d14 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -583,8 +583,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
 msgstr "SSLの認証局のPEM形式証明書群のファイル"
 
 #: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "使わないSSLメソッドのリスト(2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "使わないSSLメソッドのリスト(2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
 
 #: rc.c:208
 msgid "Enable cookie processing"
diff --git a/po/w3m.pot b/po/w3m.pot
index 607e26f..405b70a 100644
--- a/po/w3m.pot
+++ b/po/w3m.pot
@@ -582,7 +582,7 @@ msgid "File consisting of PEM encoded certificates of CAs"
 msgstr ""
 
 #: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
 msgstr ""
 
 #: rc.c:208
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 8cfa8fd..00da93b 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -587,8 +587,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
 msgstr "包含 PEM 编码 CA 证书的文件"
 
 #: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
 
 #: rc.c:208
 msgid "Enable cookie processing"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 954a4d2..3cb862e 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -587,8 +587,8 @@ msgid "File consisting of PEM encoded certificates of CAs"
 msgstr "包含 PEM 編碼 CA 證書的檔案"
 
 #: rc.c:205
-msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)"
-msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t:TLSv1)"
+msgid "List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
+msgstr "被禁止的 SSL 方式列表 (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)"
 
 #: rc.c:208
 msgid "Enable cookie processing"
diff --git a/rc.c b/rc.c
index 7de87b8..3900fb2 100644
--- a/rc.c
+++ b/rc.c
@@ -202,7 +202,7 @@ static int OptionEncode = FALSE;
 #define CMT_SSL_CA_PATH N_("Path to directory for PEM encoded certificates of CAs")
 #define CMT_SSL_CA_FILE N_("File consisting of PEM encoded certificates of CAs")
 #endif				/* USE_SSL_VERIFY */
-#define CMT_SSL_FORBID_METHOD N_("List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t:TLSv1)")
+#define CMT_SSL_FORBID_METHOD N_("List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, t1.1: TLSv1.1)")
 #endif				/* USE_SSL */
 #ifdef USE_COOKIE
 #define CMT_USECOOKIE   N_("Enable cookie processing")
diff --git a/url.c b/url.c
index 0378913..aae5a97 100644
--- a/url.c
+++ b/url.c
@@ -338,6 +338,10 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 		option |= SSL_OP_NO_TLSv1;
 	    if (strchr(ssl_forbid_method, 'T'))
 		option |= SSL_OP_NO_TLSv1;
+	    if (strchr(ssl_forbid_method, 't1.1'))
+		option |= SSL_OP_NO_TLSv1_1;
+	    if (strchr(ssl_forbid_method, 'T1.1'))
+		option |= SSL_OP_NO_TLSv1_1;
 	}
 #ifdef SSL_OP_NO_COMPRESSION
 	option |= SSL_OP_NO_COMPRESSION;