28 Mar
2013
28 Mar
'13
8:55 p.m.
On Thu, Mar 28, 2013 at 12:31 PM, Ken Thomases <ken(a)codeweavers.com> wrote:
On Mar 28, 2013, at 6:05 AM, Jacek Caban wrote:
--- a/dlls/secur32/schannel_macosx.c +++ b/dlls/secur32/schannel_macosx.c @@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff, return ret; }
+DWORD schan_imp_enabled_protocols(void) +{ + /* NOTE: No support for TLS 1.1 and TLS 1.2 */ + return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
Do we really want to continue supporting SSL2? It's got a number of vulnerabilities, and is disabled pretty much everywhere by now: http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0 --Juan