From 962f887a64422c8e0a7f12131d8401211ef8cd74 Mon Sep 17 00:00:00 2001
From: Andreas Kotes
Date: Tue, 15 Apr 2014 13:06:58 +0200
Subject: allow the use of TLSv1 / TLSv1_1 again
---
 vchat-ssl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'vchat-ssl.c')
diff --git a/vchat-ssl.c b/vchat-ssl.c
index 2b41432..0333aee 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -61,8 +61,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 X509_STORE *store = NULL;
 vc_x509verify_cb_t verify_callback = NULL;
- /* Explicitly use TLSv1_2 (or maybe later) */
- if( !(ctx = SSL_CTX_new(TLSv1_2_client_method())) )
+ /* Explicitly use TLSv1 (or maybe later) */
+ if( !(ctx = SSL_CTX_new(TLSv1_client_method())) )
 VC_CTX_ERR_EXIT(store, ctx);
 if( !(store = vc_x509store_create(vc_store)) )
@@ -70,8 +70,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 SSL_CTX_set_cert_store(ctx, store);
 store = NULL;
- /* Disable A LOT of insecure protocols explicitly */
- SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1);
+ /* Disable some insecure protocols explicitly */
+ SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
 SSL_CTX_set_verify_depth (ctx, 2);
-- 
cgit v1.2.3
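Review bot: `TLSv1_client_method()` in the first hunk is a fixed-version method, so the context will speak TLS 1.0 only and can no longer negotiate TLS 1.1 or 1.2, which contradicts both the new comment ("or maybe later") and the commit subject. With a fixed-version method, the `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` mask kept in the second hunk has nothing left to exclude. To accept TLS 1.0 through 1.2 while still refusing SSLv2 and SSLv3, use the version-flexible method and let the option mask set the floor: `if( !(ctx = SSL_CTX_new(SSLv23_client_method())) )`. The comment above it would then read `/* Negotiate the highest TLS version both sides support; SSLv2/SSLv3 are masked out below */`. vc_create_sslctx starts and ends outside both hunks.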