[Spice-commits] src/spice-channel.c

Frediano Ziglio fziglio at kemper.freedesktop.org
Thu Apr 5 11:52:58 UTC 2018


 src/spice-channel.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit f94f0012b8cd2c69e8e06de44dd2a7a7d9bf7428
Author: Frediano Ziglio <fziglio at redhat.com>
Date:   Thu Apr 5 10:35:23 2018 +0100

    spice-channel: Disable TLS v1.0
    
    TLS v1.0 is now considered insecure.
    The protocol is already disabled on the server side (cfr commit
    fac12737d "reds: Disable TLS 1.0").
    To avoid downgrade attacks disable it even on the client.
    
    Related: https://bugzilla.redhat.com/show_bug.cgi?id=1521053
    
    Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
    Acked-by: Victor Toso <victortoso at redhat.com>

diff --git a/src/spice-channel.c b/src/spice-channel.c
index c725903..55bdef9 100644
--- a/src/spice-channel.c
+++ b/src/spice-channel.c
@@ -2531,7 +2531,7 @@ static void *spice_channel_coroutine(void *data)
     int rc, delay_val = 1;
     /* When some other SSL/TLS version becomes obsolete, add it to this
      * variable. */
-    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
 
     CHANNEL_DEBUG(channel, "Started background coroutine %p", &c->coroutine);
 
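Review bot: On the changed `ssl_options` line, the minimum protocol version is still expressed as a list of per-version `SSL_OP_NO_*` exclusions, so every future deprecation needs another flag added here (as the comment above it says) and a forgotten flag silently leaves a version enabled. Where the build uses OpenSSL 1.1.0 or later, consider setting the floor with `SSL_CTX_set_min_proto_version()` and `TLS1_1_VERSION` on the client context instead, which OpenSSL documents as the replacement for these options, and keep the flag mask only as a fallback for older libraries. It would also help to extend the comment to say that TLS 1.0 is excluded to match the server side, since after this change a client cannot negotiate with a server that offers only TLS 1.0.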

