Commit 65ac7ddcccbf28158d75cfa4e524500f5fdd5f4e

Carlos Martín Nieto 2015-03-24T16:31:51

SecureTransport: require TLS v1.x Anything SSL is deprecated. Let's make sure we don't try to use SSL v3 when talking to the server.

diff --git a/src/stransport_stream.c b/src/stransport_stream.c
index 644a5a7..db993ff 100644
--- a/src/stransport_stream.c
+++ b/src/stransport_stream.c
@@ -225,6 +225,8 @@ int git_stransport_stream_new(git_stream **out, const char *host, const char *po
 	if ((ret = SSLSetIOFuncs(st->ctx, read_cb, write_cb)) != noErr ||
 	    (ret = SSLSetConnection(st->ctx, st->io)) != noErr ||
 	    (ret = SSLSetSessionOption(st->ctx, kSSLSessionOptionBreakOnServerAuth, true)) != noErr ||
+	    (ret = SSLSetProtocolVersionMin(st->ctx, kTLSProtocol1)) != noErr ||
+	    (ret = SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)) != noErr ||
 	    (ret = SSLSetPeerDomainName(st->ctx, host, strlen(host))) != noErr) {
 		git_stream_free((git_stream *)st);
 		return stransport_error(ret);
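Review bot: The floor set on the added `SSLSetProtocolVersionMin` line is `kTLSProtocol1`, so TLS 1.0 and 1.1 remain negotiable; that excludes SSL v3 as the commit intends, but both versions have known weaknesses, and a higher floor such as `SSLSetProtocolVersionMin(st->ctx, kTLSProtocol12)` is worth considering if the servers this has to reach allow it. The `SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)` line is not needed to rule out SSL, and it pins a ceiling that would have to be raised by hand if the platform later offers a newer version; dropping it leaves the maximum at the framework default. Either way, a short comment above the two calls, for example `/* refuse SSLv3 and older; TLS 1.0 is the lowest version we accept */`, would record why the range is set. The body of git_stransport_stream_new starts and ends outside this hunk.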