[Spice-devel] [PATCH spice-gtk v2] spice-channel: Disable TLS v1.0

Victor Toso victortoso at redhat.com
Thu Apr 5 11:23:46 UTC 2018


On Thu, Apr 05, 2018 at 10:56:57AM +0100, Frediano Ziglio wrote:
> TLS v1.0 is now considered insecure.
> The protocol is already disabled on the server side (cfr commit
> fac12737d "reds: Disable TLS 1.0").
> To avoid downgrade attacks disable it even on the client.
> 
> Related: https://bugzilla.redhat.com/show_bug.cgi?id=1521053
> 
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
Acked-by: Victor Toso <victortoso at redhat.com>
> ---
>  src/spice-channel.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Changes since v1:
> - updated commit message.
> 
> diff --git a/src/spice-channel.c b/src/spice-channel.c
> index 4f6a6bc..e39d59b 100644
> --- a/src/spice-channel.c
> +++ b/src/spice-channel.c
> @@ -2539,7 +2539,7 @@ static void *spice_channel_coroutine(void *data)
>      int rc, delay_val = 1;
>      /* When some other SSL/TLS version becomes obsolete, add it to this
>       * variable. */
> -    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
> +    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
>  
>      CHANNEL_DEBUG(channel, "Started background coroutine %p", &c->coroutine);
>  
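Review bot: The updated ssl_options line still builds the policy as a deny-list, so the minimum protocol version is only implied by what is masked out: with SSLv2, SSLv3 and TLSv1 excluded, TLS 1.1 remains negotiable, and every future deprecation needs another flag added here. I would suggest stating the intended floor in the comment above the variable (for example "minimum accepted version is TLS 1.1"), so the effect of the mask is explicit to the next reader. Where the client builds against OpenSSL 1.1.0 or later, SSL_CTX_set_min_proto_version() with TLS1_1_VERSION expresses the same floor directly and is the interface OpenSSL recommends over the SSL_OP_NO_* version flags; whether that fits depends on the OpenSSL versions spice-gtk still supports, which is not visible from this hunk.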
> -- 
> 2.14.3