ITS#7645 more OpenSSL TLS versions
authorPhilip Guenther <guenther@sendmail.com>
Mon, 29 Jul 2013 14:01:15 +0000 (07:01 -0700)
committerHoward Chu <hyc@openldap.org>
Mon, 29 Jul 2013 14:01:15 +0000 (07:01 -0700)
libraries/libldap/tls_o.c

index 24d43eede40b54fc0b715c88e9cb495991405a20..3c077f895ad2799047792894160fb4fd3f7c8ed0 100644 (file)
@@ -219,6 +219,25 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
                        (const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
        }
 
+#ifdef SSL_OP_NO_TLSv1
+#ifdef SSL_OP_NO_TLSv1_1
+#ifdef SSL_OP_NO_TLSv1_2
+       if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_2)
+               SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+                       SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+                       SSL_OP_NO_TLSv1_2 );
+       else
+#endif
+       if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_1)
+               SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+                       SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 );
+       else
+#endif
+       if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_0)
+               SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+                       SSL_OP_NO_TLSv1);
+       else
+#endif
        if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
                SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
        else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
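Review bot: The three nested `#ifdef` levels, each closed by an `else` dangling just before its `#endif`, make this chain hard to audit, and every branch repeats the full option mask, so each new protocol version costs another nesting level and another copy. Because the TLS 1.1 and 1.2 branches only exist inside `#ifdef SSL_OP_NO_TLSv1`, a build whose headers lack one of the macros drops to the next lower branch with no diagnostic. In that case a version below the configured minimum could stay enabled, though that depends on the linked library and cannot be confirmed from this hunk. Accumulating the TLS exclusions in one mask ahead of the existing SSLv3/SSLv2 chain yields the same options with flat, independent guards, since `SSL_CTX_set_options` only adds bits. The if/else chain continues past the end of the hunk.

```c
	{
		/* TLS-version exclusions, collected once; the SSLv2/SSLv3 bits
		 * are still set by the existing chain below. */
		unsigned long tls_off = 0;
#ifdef SSL_OP_NO_TLSv1
		if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 )
			tls_off |= SSL_OP_NO_TLSv1;
#endif
#ifdef SSL_OP_NO_TLSv1_1
		if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 )
			tls_off |= SSL_OP_NO_TLSv1_1;
#endif
#ifdef SSL_OP_NO_TLSv1_2
		if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 )
			tls_off |= SSL_OP_NO_TLSv1_2;
#endif
		if ( tls_off )
			SSL_CTX_set_options( ctx, tls_off );
	}
	/* … unchanged: existing SSL3 / SSL2 if-else chain … */
```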