Hi All,
As per:
https://tools.ietf.org/html/draft-moriarty-tls-oldversions-diediedie-00
Attached is a tentative patch to disable TLS 1.0 and TLS 1.1 by
default. No doubt this will cause some discussion; I'm open to
hearing all opinions on this.
diff --git a/src/openssl.c b/src/openssl.c
index 6cf4afe9..fd520423 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -225,7 +225,7 @@ ssl_init (void)
case secure_protocol_auto:
case secure_protocol_pfs:
meth = SSLv23_client_method ();
- ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+ ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
break;
case secure_protocol_tlsv1:
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
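Review bot: `SSL_OP_NO_TLSv1_1` on the added line is used unconditionally, but only OpenSSL builds that know TLS 1.1 define it, and the version check a few lines further down suggests this file is meant to compile against a range of library versions. On a library without TLS 1.1/1.2, masking TLS 1.0 as well would leave `auto` and `pfs` with no protocol to negotiate, so I would guard both new flags together: `#ifdef SSL_OP_NO_TLSv1_1` / `ssl_options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;` / `#endif`. A short comment such as `/* TLS 1.0/1.1 are off by default; an explicit secure_protocol_tlsv1 selection is the opt-in */` would also help, because handshake failures against legacy servers will otherwise look unexplained. Whether that case still permits TLS 1.0 is outside this hunk and should be confirmed. The switch in ssl_init continues beyond the hunk.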