From 464bdd6b70409a62ee47ff6c9d0ca09d3f90ed76 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 21 Jul 2020 08:33:48 +0200 Subject: [PATCH] SSL_CTX_set_max_proto_version requires openssl 1.1 --- src/ssl/ssl_openssl_impl.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssl/ssl_openssl_impl.cpp b/src/ssl/ssl_openssl_impl.cpp index 29d26ef51..3b1124378 100644 --- a/src/ssl/ssl_openssl_impl.cpp +++ b/src/ssl/ssl_openssl_impl.cpp @@ -539,8 +539,10 @@ OpenSslContext::OpenSslContext() , trusted_store_(X509_STORE_new()) { SSL_CTX_set_cert_store(ssl_ctx_, trusted_store_); SSL_CTX_set_verify(ssl_ctx_, SSL_VERIFY_NONE, ssl_no_verify_callback); +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) // Limit to TLS 1.2 for now. TLS 1.3 has broken the handshake code. SSL_CTX_set_max_proto_version(ssl_ctx_, TLS1_2_VERSION); +#endif #if DEBUG_SSL SSL_CTX_set_info_callback(ssl_ctx_, ssl_info_callback); #endif