diff options
Diffstat (limited to 'main/tcptls.c')
| -rw-r--r-- | main/tcptls.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/main/tcptls.c b/main/tcptls.c index 6f37724d9..34baf9a0e 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -818,12 +818,17 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) if (ast_test_flag(&cfg->flags, AST_SSL_DISABLE_TLSV1)) { ssl_opts |= SSL_OP_NO_TLSv1; } +#if defined(HAVE_SSL_OP_NO_TLSV1_1) && defined(HAVE_SSL_OP_NO_TLSV1_2) if (ast_test_flag(&cfg->flags, AST_SSL_DISABLE_TLSV11)) { ssl_opts |= SSL_OP_NO_TLSv1_1; } if (ast_test_flag(&cfg->flags, AST_SSL_DISABLE_TLSV12)) { ssl_opts |= SSL_OP_NO_TLSv1_2; } +#else + ast_log(LOG_WARNING, "Your version of OpenSSL leaves you potentially vulnerable " + "to the SSL BEAST attack. Please upgrade to OpenSSL 1.0.1 or later\n"); +#endif SSL_CTX_set_options(cfg->ssl_ctx, ssl_opts); |