Skip to content
Snippets Groups Projects
Commit f94f0012 authored by Frediano Ziglio's avatar Frediano Ziglio
Browse files

spice-channel: Disable TLS v1.0 

TLS v1.0 is now considered insecure.
The protocol is already disabled on the server side (cfr commit commit
fac12737d "reds: Disable TLS 1.0").
To avoid downgrade attacks disable it even on the client.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1521053



Signed-off-by: default avatarFrediano Ziglio <fziglio@redhat.com>
Acked-by: default avatarVictor Toso <victortoso@redhat.com>
parent cf5e5e3e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
src/spice-channel.c
+ 1
1
View file @ f94f0012
@@ -2531,7 +2531,7 @@ static void *spice_channel_coroutine(void *data)
int rc, delay_val = 1;
/* When some other SSL/TLS version becomes obsolete, add it to this
* variable. */
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
 
CHANNEL_DEBUG(channel, "Started background coroutine %p", &c->coroutine);
 
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment