| -rw-r--r-- | doc-jp/README.SSL | 2 | ||||
| -rw-r--r-- | rc.c | 2 | ||||
| -rw-r--r-- | url.c | 12 | 
3 files changed, 8 insertions, 8 deletions
|
diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL
index db1876f..b31e278 100644
--- a/doc-jp/README.SSL
+++ b/doc-jp/README.SSL
@@ -28,7 +28,7 @@ SSL サポートについて
         5: TLSv1.1, 6: TLSv1.2, 7: TLSv1.3)
         (デフォルトは2, 3, t, 5).
     ssl_min_version
-        最小のSSLバージョン, OpenSSL 1.1以上で有効(TLSv1.0, TLSv1.1,
+        最小のSSLバージョン, OpenSSL 1.1以上で有効(all, TLSv1.0, TLSv1.1,
         TLSv1.2, TLSv1.3のいずれか) (デフォルトは<NULL>).
     ssl_ciphers
         TLSv1.2以下用のSSL暗号(例: DEFAULT:@SECLEVEL=2) (デフォルトは
@@ -206,7 +206,7 @@ static int OptionEncode = FALSE;
 #endif				/* USE_SSL_VERIFY */
 #define CMT_SSL_FORBID_METHOD N_("List of forbidden SSL methods (2: SSLv2, 3: SSLv3, t: TLSv1.0, 5: TLSv1.1, 6: TLSv1.2, 7: TLSv1.3)")
 #ifdef SSL_CTX_set_min_proto_version
-#define CMT_SSL_MIN_VERSION N_("Minimum SSL version (TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3)")
+#define CMT_SSL_MIN_VERSION N_("Minimum SSL version (all, TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3)")
 #endif
 #define CMT_SSL_CIPHER N_("SSL ciphers for TLSv1.2 and below (e.g. DEFAULT:@SECLEVEL=2)")
 #endif				/* USE_SSL */
@@ -297,6 +297,10 @@ init_PRNG()
 static int
 str_to_ssl_version(const char *name)
 {
+    if(!strcasecmp(name, "all"))
+	return 0;
+    if(!strcasecmp(name, "none"))
+	return 0;
 #ifdef TLS1_3_VERSION
     if (!strcasecmp(name, "TLSv1.3"))
 	return TLS1_3_VERSION;
@@ -317,11 +321,7 @@ str_to_ssl_version(const char *name)
 	return SSL3_VERSION;
     if (!strcasecmp(name, "SSLv3"))
 	return SSL3_VERSION;
-    if (!strcasecmp(name, "SSLv2.0"))
-	return SSL2_VERSION;
-    if (!strcasecmp(name, "SSLv2"))
-	return SSL2_VERSION;
-    return 0;
+    return -1;
 }
 #endif				/* SSL_CTX_set_min_proto_version */
 
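Review bot: `"all"` and `"none"` both map to 0 in the lines added at the top of str_to_ssl_version, but nothing says what 0 means to the caller, and `"none"` is absent from the updated CMT_SSL_MIN_VERSION text and README.SSL. As documented for SSL_CTX_set_min_proto_version, 0 enables versions down to the lowest the library supports, so this value removes the floor rather than keeping a default one. A comment such as `/* 0: no minimum; OpenSSL allows down to its lowest supported version */` above the two checks would make that explicit. The added `if(` also lacks the space used by every other `if (` in the function, whose body continues outside this hunk.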
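Review bot: The new `return -1;` gives the return value three meanings (a version constant, 0 for no minimum, -1 for an unrecognised name), and the function has no header comment stating them. I would add `/* Returns an OpenSSL protocol version constant, 0 for "no minimum", or -1 if name is not recognised. */` above `static int`, which sits in the previous hunk. With the SSLv2 names removed, an existing `ssl_min_version` of `SSLv2` now takes the -1 path, which deserves a line in the user-facing documentation.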
@@ -372,7 +372,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 	if (ssl_min_version && *ssl_min_version != '\0') {
 	    int sslver;
 	    sslver = str_to_ssl_version(ssl_min_version);
-	    if (sslver <= 0
+	    if (sslver < 0
 		|| !SSL_CTX_set_min_proto_version(ssl_ctx, sslver)) {
 		free_ssl_ctx();
 		goto eend;
|
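Review bot: The `sslver < 0` branch shares one failure path with a failed SSL_CTX_set_min_proto_version call, so a mistyped ssl_min_version and a version the library refuses look the same to the user. Failing closed is right here; what is missing is a diagnostic naming the rejected value before `goto eend`, unless the code at `eend` (outside this hunk) already reports it. A comment like `/* -1: unknown name; 0 is valid and means no minimum */` on the condition would also explain why the test changed from `<= 0`. openSSLHandle starts and ends outside the hunk.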
