File no_tls11_config.patch of Package sblim-sfcb

Index: sblim-sfcb-1.4.9/control.c
===================================================================
--- sblim-sfcb-1.4.9.orig/control.c
+++ sblim-sfcb-1.4.9/control.c
@@ -177,6 +177,9 @@ static Control init[] = {
   {"sslEcDhCurveName", CTL_STRING, "secp224r1", {0}},
   {"sslNoSSLv3", CTL_BOOL, NULL, {.b=0}},
   {"sslNoTLSv1", CTL_BOOL, NULL, {.b=0}},
+  {"sslNoTLSv1_1", CTL_BOOL, NULL, {.b=0}},
+  {"sslNoTLSv1_2", CTL_BOOL, NULL, {.b=0}},
+  {"sslNoTLSv1_3", CTL_BOOL, NULL, {.b=0}},
   {"enableSslCipherServerPref", CTL_BOOL, NULL, {.b=0}},
 
   {"registrationDir", CTL_STRING, SFCB_STATEDIR "/registration", {0}},
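Review bot: The three new entries all default to `{.b=0}`, so a stock installation still negotiates TLS 1.0 and TLS 1.1 after this patch; the knob to turn them off exists, but nothing turns it. If compatibility with old CIM clients is the reason for this, a comment above the block would make that explicit, for example `/* protocol versions stay enabled by default for client compatibility; set sslNoTLSv1 / sslNoTLSv1_1 to true on hardened hosts */`. Otherwise consider shipping `{"sslNoTLSv1_1", CTL_BOOL, NULL, {.b=1}},` (and the same for the existing `sslNoTLSv1` entry). The `init[]` table starts and ends outside this hunk, so any later override of these defaults is not visible here.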
Index: sblim-sfcb-1.4.9/sfcb.cfg.pre.in
===================================================================
--- sblim-sfcb-1.4.9.orig/sfcb.cfg.pre.in
+++ sblim-sfcb-1.4.9/sfcb.cfg.pre.in
@@ -294,6 +294,9 @@ sslCiphers: ALL:!ADH:!LOW:!EXP:!MD5:@STR
 ## Default is false for both
 #sslNoSSLv3: false
 #sslNoTLSv1: false
+#sslNoTLSv1_1: false
+#sslNoTLSv1_2: false
+#sslNoTLSv1_3: false
 
 ## Optionally configure a DH parameters file for ephemeral key generation.
 ## See man SSL_CTX_set_tmp_dh_callback(3) for details. The value should be
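Review bot: The context line `## Default is false for both` is stale once this hunk lists five options rather than two; it should read something like `## Default is false for all of them`. The descriptive comment above the hunk is not visible here and presumably still explains only SSLv3 and TLSv1, so it likely needs the same update. Since `sslNoTLSv1_2` and `sslNoTLSv1_3` switch off the strongest protocol versions, a line such as `## Setting sslNoTLSv1_2 and sslNoTLSv1_3 to true leaves only legacy protocols; normally only the older versions should be disabled` would help an administrator avoid weakening the listener by accident.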
Index: sblim-sfcb-1.4.9/httpAdapter.c
===================================================================
--- sblim-sfcb-1.4.9.orig/httpAdapter.c
+++ sblim-sfcb-1.4.9/httpAdapter.c
@@ -2089,13 +2089,27 @@ initSSL()
    */
   long options = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2;
 
+#ifndef SSL_OP_NO_TLSv1_3
+# define SSL_OP_NO_TLSv1_3                               0x20000000U
+#endif
+
   if (!getControlBool("sslNoSSLv3", &sslopt) && sslopt)
     options |= SSL_OP_NO_SSLv3;
   if (!getControlBool("sslNoTLSv1", &sslopt) && sslopt)
     options |= SSL_OP_NO_TLSv1;
-  _SFCB_TRACE(1, ("---  sslNoSSLv3=%s, sslNoTLSv1=%s",
+  if (!getControlBool("sslNoTLSv1_1", &sslopt) && sslopt)
+    options |= SSL_OP_NO_TLSv1_1;
+  if (!getControlBool("sslNoTLSv1_2", &sslopt) && sslopt)
+    options |= SSL_OP_NO_TLSv1_2;
+  if (!getControlBool("sslNoTLSv1_3", &sslopt) && sslopt)
+    options |= SSL_OP_NO_TLSv1_3;
+  _SFCB_TRACE(1, ("---  sslNoSSLv3=%s, sslNoTLSv1=%s, sslNoTLSv1_1=%s, sslNoTLSv1_2=%s, sslNoTLSv1_3=%s",
       (options & SSL_OP_NO_SSLv3 ? "true" : "false"),
-      (options & SSL_OP_NO_TLSv1 ? "true" : "false")));
+      (options & SSL_OP_NO_TLSv1 ? "true" : "false"),
+      (options & SSL_OP_NO_TLSv1_1 ? "true" : "false"),
+      (options & SSL_OP_NO_TLSv1_2 ? "true" : "false"),
+      (options & SSL_OP_NO_TLSv1_3 ? "true" : "false")
+      ));
 
   if (!getControlBool("enableSslCipherServerPref", &sslopt) && sslopt) {
     _SFCB_TRACE(1, ("---  enableSslCipherServerPref = true"));
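Review bot: The fallback `# define SSL_OP_NO_TLSv1_3 0x20000000U` near the top of the hunk lets the code compile against SSL headers that lack the macro, but on such a build setting `sslNoTLSv1_3` ORs in a bit that the library never defined as a protocol switch. Depending on the library version, that bit is either ignored or means something unrelated, and the trace line still prints `sslNoTLSv1_3=true`, which misleads anyone auditing which protocol versions the listener offers. Guarding the TLS 1.3 branch with `#ifdef SSL_OP_NO_TLSv1_3` and tracing that the setting was ignored avoids both problems, as sketched below. The body of `initSSL()` starts and ends outside this hunk, so how `options` reaches the SSL context is not visible here.

```c
  /* … unchanged: sslNoSSLv3, sslNoTLSv1, sslNoTLSv1_1, sslNoTLSv1_2 handling … */
  int noTls13 = 0;
#ifdef SSL_OP_NO_TLSv1_3
  if (!getControlBool("sslNoTLSv1_3", &sslopt) && sslopt) {
    options |= SSL_OP_NO_TLSv1_3;
    noTls13 = 1;
  }
#else
  /* Headers without TLS 1.3: there is nothing to disable, and the option
   * bit must not be guessed, so only record that the setting was ignored. */
  if (!getControlBool("sslNoTLSv1_3", &sslopt) && sslopt)
    _SFCB_TRACE(1, ("---  sslNoTLSv1_3 ignored: SSL library has no TLSv1.3 support"));
#endif
  /* … unchanged: _SFCB_TRACE summary, last argument becomes (noTls13 ? "true" : "false") … */
```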