Add support for TLS v1.1, protocol ranges.

Set protocol version ranges:

     (1) Set the minimum protocol accepted
     (2) Set the maximum protocol accepted
     (3) Protocol ranges extend from maximum down to minimum
         protocol
     (4) All protocol ranges are completely inclusive;
         no protocol in the middle of a range may be excluded
     (5) NSS automatically negotiates the use of the strongest
         protocol for a connection starting with the maximum
         specified protocol and downgrading as necessary to the
         minimum specified protocol

For example, if SSL 3.0 is chosen as the minimum protocol, and
TLS 1.1 is chosen as the maximum protocol, SSL 3.0, TLS 1.0, and
TLS 1.1 will all be accepted as protocols, as TLS 1.0 will not
and cannot be excluded from this range. NSS will automatically
negotiate to utilize the strongest acceptable protocol for a
connection starting with the maximum specified protocol and
downgrading as necessary to the minimum specified protocol
(TLS 1.1 -> TLS 1.0 -> SSL 3.0).

BZ 816394

1 files changed, 5 insertions, 1 deletions

diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index b3dcf92..8f0379a 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -722,9 +722,13 @@ static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c)
                 case SSL_LIBRARY_VERSION_3_0:
                     result = "SSLv3";
                     break;
-                case SSL_LIBRARY_VERSION_3_1_TLS:
+                case SSL_LIBRARY_VERSION_TLS_1_0:
+                    /* 'TLSv1' has been deprecated; specify 'TLSv1.0' */
                     result = "TLSv1";
                     break;
+                case SSL_LIBRARY_VERSION_TLS_1_1:
+                    result = "TLSv1.1";
+                    break;
             }
         }
     }