On Thu, Mar 28, 2013 at 12:31 PM, Ken Thomases <k...@codeweavers.com> wrote:
> On Mar 28, 2013, at 6:05 AM, Jacek Caban wrote:
>
> > --- a/dlls/secur32/schannel_macosx.c
> > +++ b/dlls/secur32/schannel_macosx.c
> > @@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef
> transport, const void *buff,
> > return ret;
> > }
> >
> > +DWORD schan_imp_enabled_protocols(void)
> > +{
> > + /* NOTE: No support for TLS 1.1 and TLS 1.2 */
> > + return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT |
> SP_PROT_TLS1_0_CLIENT;
>
Do we really want to continue supporting SSL2? It's got a number of
vulnerabilities, and is disabled pretty much everywhere by now:
http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
--Juan
