Manually disable SSLv2 and SSLv3

Not sure why we weren't doing this before....
sfackler · Nov 9, 2016 · 17726cd · 17726cd
1 parent 33a87b0
commit 17726cd
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,7 +9,7 @@ documentation = "https://sfackler.github.io/rust-native-tls/doc/v0.1.0/native_tl
 readme = "README.md"
 
 [target.'cfg(target_os = "macos")'.dependencies]
-security-framework = { version = "0.1.9", features = ["OSX_10_8"] }
+security-framework = "0.1.9"
 security-framework-sys = "0.1.9"
 tempdir = "0.3"
 

diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs
@@ -165,7 +165,8 @@ impl TlsConnector {
         where S: io::Read + io::Write
     {
         let mut ctx = try!(SslContext::new(ProtocolSide::Client, ConnectionType::Stream));
-        try!(ctx.set_protocol_version_min(SslProtocol::Tls1));
+        try!(ctx.set_protocol_version_enabled(SslProtocol::Ssl2, false));
+        try!(ctx.set_protocol_version_enabled(SslProtocol::Ssl3, false));
         try!(ctx.set_peer_domain_name(domain));
         if let Some(pkcs12) = self.pkcs12.as_ref() {
             try!(ctx.set_certificate(&pkcs12.identity, &pkcs12.chain));
@@ -200,7 +201,8 @@ impl TlsAcceptor {
         where S: io::Read + io::Write
     {
         let mut ctx = try!(SslContext::new(ProtocolSide::Server, ConnectionType::Stream));
-        try!(ctx.set_protocol_version_min(SslProtocol::Tls1));
+        try!(ctx.set_protocol_version_enabled(SslProtocol::Ssl2, false));
+        try!(ctx.set_protocol_version_enabled(SslProtocol::Ssl3, false));
         try!(ctx.set_certificate(&self.pkcs12.identity, &self.pkcs12.chain));
         match ctx.handshake(stream) {
             Ok(s) => Ok(TlsStream(s)),