From d473d7ae9135c9ca149a361b78366a753e1c0d5f Mon Sep 17 00:00:00 2001 From: Selim Gurun Date: Wed, 28 Mar 2012 09:14:25 -0700 Subject: Disable TLSv1.2 and TLSv1.1. Bug: 6234791 Temporarily disabling TLSv1.1 and TLSv1.2 as some sites do not seem to like it (agl reports 2% of sites have issues). Change-Id: I182bc8296e2fa2681ca2c997b5524c0135b385bf --- net/socket/ssl_client_socket_openssl.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index b9c3e02..30a5f48 100644 --- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -447,6 +447,12 @@ bool SSLClientSocketOpenSSL::Init() { options.ConfigureFlag(SSL_OP_NO_SSLv2, true); options.ConfigureFlag(SSL_OP_NO_SSLv3, !ssl_config_.ssl3_enabled); options.ConfigureFlag(SSL_OP_NO_TLSv1, !ssl_config_.tls1_enabled); +#ifdef SSL_OP_NO_TLSv1_1 + options.ConfigureFlag(SSL_OP_NO_TLSv1_1, true); +#endif +#ifdef SSL_OP_NO_TLSv1_2 + options.ConfigureFlag(SSL_OP_NO_TLSv1_2, true); +#endif #if defined(SSL_OP_NO_COMPRESSION) // If TLS was disabled also disable compression, to provide maximum site -- cgit v1.1