aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc-jp/README.SSL2
-rw-r--r--rc.c2
-rw-r--r--url.c12
3 files changed, 8 insertions, 8 deletions
diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL
index db1876f..b31e278 100644
--- a/doc-jp/README.SSL
+++ b/doc-jp/README.SSL
@@ -28,7 +28,7 @@ SSL サポートについて
5: TLSv1.1, 6: TLSv1.2, 7: TLSv1.3)
(デフォルトは2, 3, t, 5).
ssl_min_version
- 最小のSSLバージョン, OpenSSL 1.1以上で有効(TLSv1.0, TLSv1.1,
+ 最小のSSLバージョン, OpenSSL 1.1以上で有効(all, TLSv1.0, TLSv1.1,
TLSv1.2, TLSv1.3のいずれか) (デフォルトは<NULL>).
ssl_ciphers
TLSv1.2以下用のSSL暗号(例: DEFAULT:@SECLEVEL=2) (デフォルトは
diff --git a/rc.c b/rc.c
index f2c4021..3c72ffb 100644
--- a/rc.c
+++ b/rc.c
@@ -206,7 +206,7 @@ static int OptionEncode = FALSE;
#endif /* USE_SSL_VERIFY */
#define CMT_SSL_FORBID_METHOD N_("List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, 5: TLSv1.1, 6: TLSv1.2, 7: TLSv1.3)")
#ifdef SSL_CTX_set_min_proto_version
-#define CMT_SSL_MIN_VERSION N_("Minimum SSL version (TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3)")
+#define CMT_SSL_MIN_VERSION N_("Minimum SSL version (all, TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3)")
#endif
#define CMT_SSL_CIPHER N_("SSL ciphers for TLSv1.2 and below (e.g. DEFAULT:@SECLEVEL=2)")
#endif /* USE_SSL */
diff --git a/url.c b/url.c
index 4a228be..56f3222 100644
--- a/url.c
+++ b/url.c
@@ -297,6 +297,10 @@ init_PRNG()
static int
str_to_ssl_version(const char *name)
{
+ if(!strcasecmp(name, "all"))
+ return 0;
+ if(!strcasecmp(name, "none"))
+ return 0;
#ifdef TLS1_3_VERSION
if (!strcasecmp(name, "TLSv1.3"))
return TLS1_3_VERSION;
@@ -317,11 +321,7 @@ str_to_ssl_version(const char *name)
return SSL3_VERSION;
if (!strcasecmp(name, "SSLv3"))
return SSL3_VERSION;
- if (!strcasecmp(name, "SSLv2.0"))
- return SSL2_VERSION;
- if (!strcasecmp(name, "SSLv2"))
- return SSL2_VERSION;
- return 0;
+ return -1;
}
#endif /* SSL_CTX_set_min_proto_version */
@@ -372,7 +372,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
if (ssl_min_version && *ssl_min_version != '\0') {
int sslver;
sslver = str_to_ssl_version(ssl_min_version);
- if (sslver <= 0
+ if (sslver < 0
|| !SSL_CTX_set_min_proto_version(ssl_ctx, sslver)) {
free_ssl_ctx();
goto eend;