From fe474e3b6a05dddae2c69fbe35100895dd38ae9a Mon Sep 17 00:00:00 2001
From: Jacek Caban
Date: Thu, 28 Mar 2013 12:05:59 +0100
Subject: [PATCH] secur32: Take schannel backend capabilities into account when configuring enabled protocols.
---
 dlls/secur32/schannel.c | 2 +-
 dlls/secur32/schannel_gnutls.c | 6 ++++++
 dlls/secur32/schannel_macosx.c | 5 +++++
 dlls/secur32/secur32_priv.h | 1 +
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index 9a83a7613d7..df75b674797 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -237,7 +237,7 @@ static void read_config(void)
 RegCloseKey(protocols_key);
- config_enabled_protocols = enabled;
+ config_enabled_protocols = enabled & schan_imp_enabled_protocols();
 config_default_disabled_protocols = default_disabled;
 config_read = TRUE;
diff --git a/dlls/secur32/schannel_gnutls.c b/dlls/secur32/schannel_gnutls.c
index 8975b2d27b4..b46050583ed 100644
--- a/dlls/secur32/schannel_gnutls.c
+++ b/dlls/secur32/schannel_gnutls.c
@@ -106,6 +106,12 @@ static ssize_t schan_push_adapter(gnutls_transport_ptr_t transport,
 return buff_len;
 }
+DWORD schan_imp_enabled_protocols(void)
+{
+ /* NOTE: No support for SSL 2.0 */
+ return SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
+}
+
 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
 {
 gnutls_session_t *s = (gnutls_session_t*)session;
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 2acb6ca3585..c562a987ed2 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
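Review bot: In read_config (dlls/secur32/schannel.c) the new AND can leave `config_enabled_protocols` at zero when the registry enables only protocols the backend lacks, for example TLS 1.1/1.2 alone on the Mac backend, and nothing on the visible lines reports that. A diagnostic right after the assignment would make the misconfiguration visible instead of it surfacing later as an unexplained handshake failure, e.g. `if (enabled && !config_enabled_protocols) WARN("no configured protocol is supported by the backend\n");` (assuming the file's usual debug channel is in scope). How a zero mask is treated afterwards is not visible here, and the body of read_config starts and ends outside the hunk.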
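Review bot: schan_imp_enabled_protocols in dlls/secur32/schannel_gnutls.c returns a fixed mask, so it describes what this backend's code can negotiate rather than what the GnuTLS library loaded at run time will accept; a library built with SSL 3.0 disabled, if that applies, would still be reported as capable. The mask also lists only client-side flags, which means the AND in read_config clears any other bits the configured value may carry. The comment should state both, for example `/* Protocols this backend can negotiate (client flags only, not probed from the loaded library). No support for SSL 2.0. */`, and the macosx variant deserves the same wording.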
@@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff,
 return ret;
 }
+DWORD schan_imp_enabled_protocols(void)
+{
+ /* NOTE: No support for TLS 1.1 and TLS 1.2 */
+ return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
+}
 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
 {
diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h
index 5b2ac8987e1..dc08429b672 100644
--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
@@ -260,6 +260,7 @@ extern SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer, SIZE_T *length) DECLSPEC_HIDDEN;
 extern BOOL schan_imp_allocate_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
 extern void schan_imp_free_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
+extern DWORD schan_imp_enabled_protocols(void) DECLSPEC_HIDDEN;
 extern BOOL schan_imp_init(void) DECLSPEC_HIDDEN;
 extern void schan_imp_deinit(void) DECLSPEC_HIDDEN;
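Review bot: The mask added in dlls/secur32/schannel_macosx.c advertises `SP_PROT_SSL2_CLIENT`, so once the registry configuration enables SSL 2.0 nothing in this commit stops the Mac backend from offering it, and with TLS 1.1/1.2 absent the strongest protocol left on this backend is TLS 1.0. SSL 2.0 does not protect the handshake against downgrade and is prohibited by RFC 6176; unless an application is known to depend on it, drop the flag with `return SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;` and extend the comment to `/* NOTE: SSL 2.0 deliberately not offered; no support for TLS 1.1 and TLS 1.2 */`. Whether SSL 2.0 is enabled by default is decided in read_config, which is outside this hunk.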