<div dir="ltr">On Thu, Mar 28, 2013 at 12:31 PM, Ken Thomases <span dir="ltr"><<a href="mailto:ken@codeweavers.com" target="_blank">ken@codeweavers.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">On Mar 28, 2013, at 6:05 AM, Jacek Caban wrote:<br>
<br>
> --- a/dlls/secur32/schannel_macosx.c<br>
> +++ b/dlls/secur32/schannel_macosx.c<br>
> @@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff,<br>
> � � �return ret;<br>
> �}<br>
><br>
> +DWORD schan_imp_enabled_protocols(void)<br>
> +{<br>
> + � �/* NOTE: No support for TLS 1.1 and TLS 1.2 */<br>
> + � �return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;<br></blockquote><div><br></div><div style>Do we really want to continue supporting SSL2? It's got a number of vulnerabilities, and is disabled pretty much everywhere by now:</div>
<div style><a href="http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0">http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0</a></div><div style>--Juan</div></div></div></div>