From 1b23ebf6449de5975f057ead439cc66041249783 Mon Sep 17 00:00:00 2001
From: se <se@example.com>
Date: Sat, 6 Jan 2018 19:10:52 +0900
Subject: Extend ssl_forbid_method to disable TLSv1.1

Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874218#5
---
 url.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'url.c')

diff --git a/url.c b/url.c
index 0378913..aae5a97 100644
--- a/url.c
+++ b/url.c
@@ -338,6 +338,10 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 		option |= SSL_OP_NO_TLSv1;
 	    if (strchr(ssl_forbid_method, 'T'))
 		option |= SSL_OP_NO_TLSv1;
+	    if (strchr(ssl_forbid_method, 't1.1'))
+		option |= SSL_OP_NO_TLSv1_1;
+	    if (strchr(ssl_forbid_method, 'T1.1'))
+		option |= SSL_OP_NO_TLSv1_1;
 	}
 #ifdef SSL_OP_NO_COMPRESSION
 	option |= SSL_OP_NO_COMPRESSION;
-- 
cgit v1.2.3