Diffstat (limited to 'cups/tls-gnutls.c')
-rw-r--r-- | cups/tls-gnutls.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 3f13760..2dcb7fe 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1226,7 +1226,8 @@ _httpTLSSetCredentials(http_t *http) /* I - Connection to server */
 void
 _httpTLSSetOptions(int options) /* I - Options */
 {
- tls_options = options;
+ if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0)
+ tls_options = options;
 }
@@ -1508,19 +1509,20 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
 if (tls_options & _HTTP_TLS_DENY_TLS10)
 strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string));
 else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
- strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string));
+ strlcat(priority_string, ":+VERS-TLS-ALL:+VERS-SSL3.0", sizeof(priority_string));
 else if (tls_options & _HTTP_TLS_ONLY_TLS10)
 strlcat(priority_string, ":-VERS-TLS-ALL:-VERS-SSL3.0:+VERS-TLS1.0", sizeof(priority_string));
 else
 strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string));
- if (!(tls_options & _HTTP_TLS_ALLOW_RC4))
- strlcat(priority_string, ":-ARCFOUR-128", sizeof(priority_string));
+ if (tls_options & _HTTP_TLS_ALLOW_RC4)
+ strlcat(priority_string, ":+ARCFOUR-128", sizeof(priority_string));
+ else
+ strlcat(priority_string, ":!ARCFOUR-128", sizeof(priority_string));
- if (!(tls_options & _HTTP_TLS_ALLOW_DH))
- strlcat(priority_string, ":!ANON-DH", sizeof(priority_string));
+ strlcat(priority_string, ":!ANON-DH", sizeof(priority_string));
- if (!(tls_options & _HTTP_TLS_DENY_CBC))
+ if (tls_options & _HTTP_TLS_DENY_CBC)
 strlcat(priority_string, ":!AES-128-CBC:!AES-256-CBC:!CAMELLIA-128-CBC:!CAMELLIA-256-CBC:!3DES-CBC", sizeof(priority_string));
 #ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT |
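Review bot: The new guard in `_httpTLSSetOptions` gives a negative `tls_options` the meaning "not configured yet", but that sentinel is undocumented and the second hunk tests the same variable with `&`. If the value were still negative (for example -1) when `_httpTLSStart` builds the priority string, every flag test would be true, including `_HTTP_TLS_ALLOW_RC4`, which appends `:+ARCFOUR-128`. Whether `_httpTLSStart` resolves the sentinel before those tests is not visible in this diff and should be confirmed. A comment above the assignment would record the contract, e.g. `/* tls_options < 0 means "not configured"; defaults never override explicit options, and the value must be resolved before any flag test */`.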
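Review bot: `_HTTP_TLS_ALLOW_DH` is no longer read in this block because `:!ANON-DH` is now appended unconditionally, so the option silently has no effect in the GnuTLS backend. A comment such as `/* Anonymous DH is always disabled; _HTTP_TLS_ALLOW_DH is not consulted here */` would record that this is intentional. Separately, every `strlcat` return value is ignored and the removal directives (`:!ARCFOUR-128`, `:!ANON-DH`, the `!...-CBC` list) are appended last, so if `priority_string` were too small the restrictions are what would be cut off; its declared size is outside the hunk. Checking the result, e.g. `if (strlcat(priority_string, ":!ANON-DH", sizeof(priority_string)) >= sizeof(priority_string))`, and failing the connection setup would make that case fail closed. `_httpTLSStart` begins and ends outside this hunk.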