secur32: Take schannel backend capabilities into account when configuring enabled protocols.

Juan Lang juan.lang at gmail.com
Thu Mar 28 15:55:40 CDT 2013


On Thu, Mar 28, 2013 at 12:31 PM, Ken Thomases <ken at codeweavers.com> wrote:

> On Mar 28, 2013, at 6:05 AM, Jacek Caban wrote:
>
> > --- a/dlls/secur32/schannel_macosx.c
> > +++ b/dlls/secur32/schannel_macosx.c
> > @@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef
> transport, const void *buff,
> >      return ret;
> >  }
> >
> > +DWORD schan_imp_enabled_protocols(void)
> > +{
> > +    /* NOTE: No support for TLS 1.1 and TLS 1.2 */
> > +    return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT |
> SP_PROT_TLS1_0_CLIENT;
>

Do we really want to continue supporting SSL2? It's got a number of
vulnerabilities, and is disabled pretty much everywhere by now:
http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
--Juan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20130328/ef4c153d/attachment.html>


More information about the wine-devel mailing list