From c6cf495247242dd3121dec03831ed7b2c4fae412 Mon Sep 17 00:00:00 2001
From: Philip Guenther <guenther@sendmail.com>
Date: Mon, 29 Jul 2013 07:01:15 -0700
Subject: [PATCH] ITS#7645 more OpenSSL TLS versions

---
 libraries/libldap/tls_o.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 24d43eede4..3c077f895a 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -219,6 +219,25 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 			(const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
 	}
 
+#ifdef SSL_OP_NO_TLSv1
+#ifdef SSL_OP_NO_TLSv1_1
+#ifdef SSL_OP_NO_TLSv1_2
+	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_2)
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+			SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+			SSL_OP_NO_TLSv1_2 );
+	else
+#endif
+	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_1)
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+			SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 );
+	else
+#endif
+	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_0)
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+			SSL_OP_NO_TLSv1);
+	else
+#endif
 	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
 		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
 	else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
-- 
2.39.5