MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
This is because "notlsv1" used to disable TLSv1.0 only and had no effect
on v1.1/v1.2, so it is better to have an option for each version. This applies both
to "bind" and "server" statements.
diff --git a/include/types/listener.h b/include/types/listener.h
index 227bb4b..b3d52a1 100644
--- a/include/types/listener.h
+++ b/include/types/listener.h
@@ -103,7 +103,9 @@
char *crlfile; /* CRLfile to use on verify */
char *ecdhe; /* named curve to use for ECDHE */
int nosslv3; /* disable SSLv3 */
- int notlsv1; /* disable TLSv1 */
+ int notlsv10; /* disable TLSv1.0 */
+ int notlsv11; /* disable TLSv1.1 */
+ int notlsv12; /* disable TLSv1.2 */
int prefer_server_ciphers; /* Prefer server ciphers */
int verify; /* verify method (set of SSL_VERIFY_* flags) */
SSL_CTX *default_ctx; /* SSL context of first/default certificate */
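Review bot: With `nosslv3`, `notlsv10`, `notlsv11` and `notlsv12` now independent flags in this listener.h struct (which starts and ends outside the hunk), a configuration can set all four and leave no protocol version enabled, and nothing here documents or rejects that state. The code that applies these flags to the SSL context is not part of the diff shown, so it may already check; if it does not, a configuration warning or error there would surface the problem at startup instead of as handshake failures at run time. I would at least add a comment above the group, `/* each no* flag disables exactly one protocol version; setting all four leaves none enabled */`. The same applies to the `ssl_ctx` fields in include/types/server.h. Separately, configurations that used the old `notlsv1` keyword to turn off TLSv1.0 need an alias or a release-note entry unless the parser, which is not visible here, still accepts it.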
diff --git a/include/types/server.h b/include/types/server.h
index 25a0174..7c5dd87 100644
--- a/include/types/server.h
+++ b/include/types/server.h
@@ -175,7 +175,9 @@
SSL_SESSION *reused_sess;
char *ciphers; /* cipher suite to use if non-null */
int nosslv3; /* disable SSLv3 */
- int notlsv1; /* disable TLSv1 */
+ int notlsv10; /* disable TLSv1.0 */
+ int notlsv11; /* disable TLSv1.1 */
+ int notlsv12; /* disable TLSv1.2 */
} ssl_ctx;
#endif
struct {