il y a 6 ans · 5df77ec2f5
--- a/docs/UserManual.md
+++ b/docs/UserManual.md
@@ -621,6 +621,10 @@ TLS1.0+TLS1.1+TLS1.2 | 2
 
				 TLS1.1+TLS1.2 | 3
			
 
				 TLS1.2 | 4
			
 
				 
			
 
				+More recent versions of OpenSSL include support for TLS version 1.3. 
			
 
				+To use TLS1.3 only, set ssl\_protocol\_version to 5.
			
 
				+
			
 
				+
			
 
				 ### ssl\_short\_trust `no`
			
 
				 Enables the use of short lived certificates. This will allow for the certificates
			
 
				 and keys specified in `ssl_certificate`, `ssl_ca_file` and `ssl_ca_path` to be
			
--- a/src/civetweb.c
+++ b/src/civetweb.c
@@ -1785,17 +1785,20 @@ typedef struct x509 X509;
 
				 #define SSL_VERIFY_PEER (1)
			
 
				 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT (2)
			
 
				 #define SSL_VERIFY_CLIENT_ONCE (4)
			
 
				-#define SSL_OP_ALL ((long)(0x80000BFFUL))
			
 
				-#define SSL_OP_NO_SSLv2 (0x01000000L)
			
 
				-#define SSL_OP_NO_SSLv3 (0x02000000L)
			
 
				-#define SSL_OP_NO_TLSv1 (0x04000000L)
			
 
				-#define SSL_OP_NO_TLSv1_2 (0x08000000L)
			
 
				-#define SSL_OP_NO_TLSv1_1 (0x10000000L)
			
 
				-#define SSL_OP_NO_TLSv1_3 (0x20000000UL)
			
 
				-#define SSL_OP_SINGLE_DH_USE (0x00100000L)
			
 
				-#define SSL_OP_CIPHER_SERVER_PREFERENCE (0x00400000L)
			
 
				-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (0x00010000L)
			
 
				-#define SSL_OP_NO_COMPRESSION (0x00020000L)
			
 
				+
			
 
				+#define SSL_OP_ALL (0x80000BFFul)
			
 
				+
			
 
				+#define SSL_OP_NO_SSLv2 (0x01000000ul)
			
 
				+#define SSL_OP_NO_SSLv3 (0x02000000ul)
			
 
				+#define SSL_OP_NO_TLSv1 (0x04000000ul)
			
 
				+#define SSL_OP_NO_TLSv1_2 (0x08000000ul)
			
 
				+#define SSL_OP_NO_TLSv1_1 (0x10000000ul)
			
 
				+#define SSL_OP_NO_TLSv1_3 (0x20000000ul)
			
 
				+#define SSL_OP_SINGLE_DH_USE (0x00100000ul)
			
 
				+#define SSL_OP_CIPHER_SERVER_PREFERENCE (0x00400000ul)
			
 
				+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (0x00010000ul)
			
 
				+#define SSL_OP_NO_COMPRESSION (0x00020000ul)
			
 
				+#define SSL_OP_NO_RENEGOTIATION (0x40000000ul)
			
 
				 
			
 
				 #define SSL_CB_HANDSHAKE_START (0x10)
			
 
				 #define SSL_CB_HANDSHAKE_DONE (0x20)
			
@@ -15680,8 +15683,10 @@ ssl_get_protocol(int version_id)
 
				 		ret |= SSL_OP_NO_TLSv1_1;
			
 
				 	if (version_id > 4)
			
 
				 		ret |= SSL_OP_NO_TLSv1_2;
			
 
				+#if defined(SSL_OP_NO_TLSv1_3)
			
 
				 	if (version_id > 5)
			
 
				 		ret |= SSL_OP_NO_TLSv1_3;
			
 
				+#endif
			
 
				 	return ret;
			
 
				 }
			
 
				 #else
			
@@ -15697,6 +15702,12 @@ ssl_get_protocol(int version_id)
 
				 		ret |= SSL_OP_NO_TLSv1;
			
 
				 	if (version_id > 3)
			
 
				 		ret |= SSL_OP_NO_TLSv1_1;
			
 
				+	if (version_id > 4)
			
 
				+		ret |= SSL_OP_NO_TLSv1_2;
			
 
				+#if defined(SSL_OP_NO_TLSv1_3)
			
 
				+	if (version_id > 5)
			
 
				+		ret |= SSL_OP_NO_TLSv1_3;
			
 
				+#endif
			
 
				 	return ret;
			
 
				 }
			
 
				 #endif /* OPENSSL_API_1_1 */
			
@@ -15838,6 +15849,11 @@ init_ssl_ctx_impl(struct mg_context *phys_ctx,
 
				 	SSL_CTX_set_options(dom_ctx->ssl_ctx,
			
 
				 	                    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
			
 
				 	SSL_CTX_set_options(dom_ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
			
 
				+
			
 
				+#if defined(SSL_OP_NO_RENEGOTIATION)
			
 
				+	SSL_CTX_set_options(dom_ctx->ssl_ctx, SSL_OP_NO_RENEGOTIATION);
			
 
				+#endif
			
 
				+
			
 
				 #if !defined(NO_SSL_DL)
			
 
				 	SSL_CTX_set_ecdh_auto(dom_ctx->ssl_ctx, 1);
			
 
				 #endif /* NO_SSL_DL */