From 59bd213cf007f36b2a857785e647bd3f9972fbc3 Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek <pawel@dawidek.net>
Date: Thu, 23 Feb 2012 00:38:52 +0100
Subject: [PATCH] Accept both TLSv1 and SSLv3 as a server. This fixes SSL
 connections from Microsoft RDC for Mac OS X to FreeRDP server.

---
 libfreerdp-crypto/tls.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libfreerdp-crypto/tls.c b/libfreerdp-crypto/tls.c
index b6956b6..9185d00 100644
--- a/libfreerdp-crypto/tls.c
+++ b/libfreerdp-crypto/tls.c
@@ -128,7 +128,7 @@ boolean tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_fi
 {
 	int connection_status;
 
-	tls->ctx = SSL_CTX_new(TLSv1_server_method());
+	tls->ctx = SSL_CTX_new(SSLv23_server_method());
 
 	if (tls->ctx == NULL)
 	{
@@ -136,6 +136,12 @@ boolean tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_fi
 		return false;
 	}
 
+	/*
+	 * We only want SSLv3 and TLSv1, so disable SSLv2.
+	 * SSLv3 is used by, eg. Microsoft RDC for Mac OS X.
+	 */
+	SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2);
+
 	if (SSL_CTX_use_RSAPrivateKey_file(tls->ctx, privatekey_file, SSL_FILETYPE_PEM) <= 0)
 	{
 		printf("SSL_CTX_use_RSAPrivateKey_file failed\n");
-- 
2.7.4