From 144392c587160506b19d9cfe2a0fbe3b00f23aa6 Mon Sep 17 00:00:00 2001 From: dnobori Date: Tue, 5 May 2020 15:10:29 +0900 Subject: [PATCH] Add Tls_Disable1_3 Add Tls_Disable1_3 like Tls_Disable1_2 etc. This change is part of v4.34-9744-beta e3370fb62c31eb10d0d221e628161863358d4cc3 . --- src/Cedar/Server.c | 2 ++ src/Mayaqua/Network.c | 7 +++++++ src/Mayaqua/Network.h | 1 + 3 files changed, 10 insertions(+) diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c index 21d375bb..4b5ae418 100644 --- a/src/Cedar/Server.c +++ b/src/Cedar/Server.c @@ -6043,6 +6043,7 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f) c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0"); c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1"); c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2"); + c->SslAcceptSettings.Tls_Disable1_3 = CfgGetBool(f, "Tls_Disable1_3"); s->StrictSyslogDatetimeFormat = CfgGetBool(f, "StrictSyslogDatetimeFormat"); @@ -6377,6 +6378,7 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s) CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0); CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1); CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2); + CfgAddBool(f, "Tls_Disable1_3", c->SslAcceptSettings.Tls_Disable1_3); CfgAddInt(f, "DhParamBits", c->DhParamBits); // Disable session reconnect diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c index c6f8346f..cc65291b 100644 --- a/src/Mayaqua/Network.c +++ b/src/Mayaqua/Network.c @@ -12147,6 +12147,13 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname) } #endif // SSL_OP_NO_TLSv1_2 +#ifdef SSL_OP_NO_TLSv1_3 + if (sock->SslAcceptSettings.Tls_Disable1_3) + { + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); + } +#endif // SSL_OP_NO_TLSv1_3 + Unlock(openssl_lock); AddChainSslCertOnDirectory(ssl_ctx); Lock(openssl_lock); diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h index 90b5e95c..8f1a44f2 100644 --- a/src/Mayaqua/Network.h +++ b/src/Mayaqua/Network.h @@ -147,6 +147,7 @@ struct SSL_ACCEPT_SETTINGS bool Tls_Disable1_0; bool Tls_Disable1_1; bool Tls_Disable1_2; + bool Tls_Disable1_3; }; // Socket