SecureTransport: require TLS v1.x

Anything SSL is deprecated. Let's make sure we don't try to use SSL v3 when talking to the server.

SecureTransport: require TLS v1.x
Anything SSL is deprecated. Let's make sure we don't try to use SSL v3 when talking to the server.
65ac7ddc · Carlos Martín Nieto · 85247df0 · 65ac7ddc
Commit 65ac7ddc authored Mar 24, 2015 by Carlos Martín Nieto
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

src/stransport_stream.c
+2 -0

No files found.
--- a/src/stransport_stream.c
+++ b/src/stransport_stream.c
@@ -225,6 +225,8 @@ int git_stransport_stream_new(git_stream **out, const char *host, const char *po
 	if ((ret = SSLSetIOFuncs(st->ctx, read_cb, write_cb)) != noErr ||
 	    (ret = SSLSetConnection(st->ctx, st->io)) != noErr ||
 	    (ret = SSLSetSessionOption(st->ctx, kSSLSessionOptionBreakOnServerAuth, true)) != noErr ||
+	    (ret = SSLSetProtocolVersionMin(st->ctx, kTLSProtocol1)) != noErr ||
+	    (ret = SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)) != noErr ||
 	    (ret = SSLSetPeerDomainName(st->ctx, host, strlen(host))) != noErr) {
 		git_stream_free((git_stream *)st);
 		return stransport_error(ret);