For reference, to test connecting to different TLS versions: TLS 1.0: openssl s_client -connect host:port -tls1 -no_tls1_1 -no_tls1_2 TLS 1.1: openssl s_client -connect host:port -tls1_1 TLS 1.2: openssl s_client -connect host:port -tls1_2
As far as I can tell, http://sourceforge.net/p/dcplusplus/code/ci/3f410c13dfcf3b15105cabbc39f7e0eacb0bb038/ does follow OpenSSL's documented API. https://www.openssl.org/docs/ssl/SSL_CTX_new.html states "The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the SSL_CTX_set_options() or SSL_set_options() functions." https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html states that SSL_OP_NO_TLSv1 means "Do not use the TLSv1 protocol." http://openssl.6102.n7.nabble.com/Selecting-TLSv1-2-only-protocol-td48296.html states that: options = SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 |SSL_OP_NO_SSLv2; options |= SSL_OP_NO_SSLv3; Selects TLS v1.2 or newer. -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1308290 Title: Require TLS 1.2 connections for ADCS Status in DC++: In Progress Bug description: The same patch attached can be found at http://pastie.org/pastes/8760328 from two months ago. It's the resolution to https://dcpp.wordpress.com/2013/09/20/beast-crime- breach-and-lucky-13-assessing-tls-in-adcs/ This is meant as a trial patch: easy to add, and if it causes irresolvable problems, easy to remove without affecting much else. To manage notifications about this bug go to: https://bugs.launchpad.net/dcplusplus/+bug/1308290/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : linuxdcpp-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
