From 82e55d202f8152c25b8daa48d1960eede3eee312 Mon Sep 17 00:00:00 2001
From: dequis
Date: Thu, 29 Sep 2016 14:53:41 -0300
Subject: ssl_openssl: Allow TLS versions newer than 1.0
Another victim of SSLv23_client_method's terrible name. At least we weren't forcing ssl 3.0. Thanks kl3 for pointing this out. Despite what this commit might suggest, using openssl is not recommended at all. Potential GPL incompatibility aside, that module doesn't have certificate verification code. Don't use it unless you have a good reason to do so.
---
 lib/ssl_openssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/ssl_openssl.c b/lib/ssl_openssl.c
index 38ce0598..2f668da2 100644
--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -66,8 +66,9 @@ void ssl_init(void)
 SSL_library_init();
- meth = TLSv1_client_method();
+ meth = SSLv23_client_method();
 ssl_ctx = SSL_CTX_new(meth);
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 initialized = TRUE;
 }
-- cgit v1.2.3
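Review bot: The return value of `SSL_CTX_new(meth)` is not checked before the added `SSL_CTX_set_options(ssl_ctx, ...)` call, so a failed context allocation would hand a NULL context to OpenSSL and `initialized` would still be set to TRUE. A guard such as `if (ssl_ctx == NULL) return;` placed before the options call would leave the module in its uninitialised state instead; how callers react to that state is outside this hunk, as is the start of `ssl_init`. A short comment would also help the next reader, for example `/* SSLv23 method negotiates the highest shared version; the options mask sets the floor at TLS 1.0 */`.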