author | Rob Crittenden <rcritten@redhat.com> | 2013-10-11 17:51:23 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2014-02-21 14:20:19 -0500 |
commit | 25e23d6aa024c875bbbaefc8f11d2780e09036b2 (patch) | |
tree | a2f12aa564969ee2152c750321e03b5a5743ea99 /nss_engine_vars.c | |
parent | 399685fc1bfaeb6bcb0e5879872338981c7453b7 (diff) | |
Add support for TLS v1.1, protocol ranges.
Set protocol version ranges:
(1) Set the minimum protocol accepted
(2) Set the maximum protocol accepted
(3) Protocol ranges extend from maximum down to minimum
protocol
(4) All protocol ranges are completely inclusive;
no protocol in the middle of a range may be excluded
(5) NSS automatically negotiates the use of the strongest
protocol for a connection starting with the maximum
specified protocol and downgrading as necessary to the
minimum specified protocol
For example, if SSL 3.0 is chosen as the minimum protocol, and
TLS 1.1 is chosen as the maximum protocol, SSL 3.0, TLS 1.0, and
TLS 1.1 will all be accepted as protocols, as TLS 1.0 will not
and cannot be excluded from this range. NSS will automatically
negotiate to utilize the strongest acceptable protocol for a
connection starting with the maximum specified protocol and
downgrading as necessary to the minimum specified protocol
(TLS 1.1 -> TLS 1.0 -> SSL 3.0).
BZ 816394
Diffstat (limited to 'nss_engine_vars.c')
-rw-r--r-- | nss_engine_vars.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/nss_engine_vars.c b/nss_engine_vars.c index b3dcf92..8f0379a 100644 --- a/nss_engine_vars.c +++ b/nss_engine_vars.c @@ -722,9 +722,13 @@ static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) case SSL_LIBRARY_VERSION_3_0: result = "SSLv3"; break; - case SSL_LIBRARY_VERSION_3_1_TLS: + case SSL_LIBRARY_VERSION_TLS_1_0: + /* 'TLSv1' has been deprecated; specify 'TLSv1.0' */ result = "TLSv1"; break; + case SSL_LIBRARY_VERSION_TLS_1_1: + result = "TLSv1.1"; + break; } } } |
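Review bot: the comment added under `case SSL_LIBRARY_VERSION_TLS_1_0:` says 'TLSv1' has been deprecated and to specify 'TLSv1.0', yet the very next line still sets `result = "TLSv1"`, so a reader of this lookup function cannot tell whether the returned string is meant to change. If the deprecation is about the name administrators write in the configuration, and the value reported here is deliberately kept as "TLSv1" for compatibility with existing consumers, say so in the comment; otherwise make the returned string match. Separately, no default arm is visible after the new `SSL_LIBRARY_VERSION_TLS_1_1` case before the switch closes, so it is worth confirming what `result` holds when the negotiated version is none of the listed ones, since the maximum of the range is now configurable.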