From d473d7ae9135c9ca149a361b78366a753e1c0d5f Mon Sep 17 00:00:00 2001
From: Selim Gurun <sgurun@google.com>
Date: Wed, 28 Mar 2012 09:14:25 -0700
Subject: Disable TLSv1.2 and TLSv1.1.

Bug: 6234791

Temporarily disabling TLSv1.1 and TLSv1.2 as some sites do not seem
to like it (agl reports 2% of sites have issues).

Change-Id: I182bc8296e2fa2681ca2c997b5524c0135b385bf
---
 net/socket/ssl_client_socket_openssl.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index b9c3e02..30a5f48 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -447,6 +447,12 @@ bool SSLClientSocketOpenSSL::Init() {
   options.ConfigureFlag(SSL_OP_NO_SSLv2, true);
   options.ConfigureFlag(SSL_OP_NO_SSLv3, !ssl_config_.ssl3_enabled);
   options.ConfigureFlag(SSL_OP_NO_TLSv1, !ssl_config_.tls1_enabled);
+#ifdef SSL_OP_NO_TLSv1_1
+  options.ConfigureFlag(SSL_OP_NO_TLSv1_1, true);
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+  options.ConfigureFlag(SSL_OP_NO_TLSv1_2, true);
+#endif
 
 #if defined(SSL_OP_NO_COMPRESSION)
   // If TLS was disabled also disable compression, to provide maximum site
-- 
cgit v1.1