From 3e3123b55ee484f7a67f8dc4b74f58836b5ffb78 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Thu, 25 Feb 2016 15:08:07 +0100
Subject: Allow TLSv1.1 and TLSv1.2.

This should in theory allow for later versions of TLS too but let's
verify that when the time comes.
---
 tlscommon.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tlscommon.c b/tlscommon.c
index 13a140a..9af5d81 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -208,7 +208,8 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
     switch (type) {
 #ifdef RADPROT_TLS
     case RAD_TLS:
-	ctx = SSL_CTX_new(TLSv1_method());
+	ctx = SSL_CTX_new(SSLv23_method());
+        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 #ifdef DEBUG
 	SSL_CTX_set_info_callback(ctx, ssl_info_callback);
 #endif
-- 
cgit v1.1