ITS#7645 more OpenSSL TLS versions

33708687 · Philip Guenther · Quanah Gibson-Mount · 5f6e1f74 · 33708687
Commit 33708687 authored 11 years ago by Philip Guenther Committed by Quanah Gibson-Mount 11 years ago
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -219,6 +219,25 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 			(const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
 	}

+#ifdef SSL_OP_NO_TLSv1
+#ifdef SSL_OP_NO_TLSv1_1
+#ifdef SSL_OP_NO_TLSv1_2
+	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_2)
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+			SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+			SSL_OP_NO_TLSv1_2 );
+	else
+#endif
+	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_1)
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+			SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 );
+	else
+#endif
+	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_0)
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+			SSL_OP_NO_TLSv1);
+	else
+#endif
 	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
 		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
 	else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )