File no_tls11_config.patch of Package sblim-sfcb.18999
Index: sblim-sfcb-1.4.8/control.c
===================================================================
--- sblim-sfcb-1.4.8.orig/control.c
+++ sblim-sfcb-1.4.8/control.c
@@ -173,6 +173,7 @@ static Control init[] = {
{"sslEcDhCurveName", CTL_STRING, "secp224r1", {0}},
{"sslNoSSLv3", CTL_BOOL, NULL, {.b=0}},
{"sslNoTLSv1", CTL_BOOL, NULL, {.b=0}},
+ {"sslNoTLSv1_1", CTL_BOOL, NULL, {.b=0}},
{"enableSslCipherServerPref", CTL_BOOL, NULL, {.b=0}},
{"registrationDir", CTL_STRING, SFCB_STATEDIR "/registration", {0}},
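Review bot: The new `sslNoTLSv1_1` entry defaults to `{.b=0}`, so TLS 1.1 stays accepted unless an administrator opts out; the httpAdapter.c section of this patch sets `SSL_OP_NO_TLSv1_1` only when the control reads true. TLS 1.0 and 1.1 are formally deprecated (RFC 8996), so a hardened default would be `{"sslNoTLSv1_1", CTL_BOOL, NULL, {.b=1}},`, provided existing deployments with legacy clients can tolerate it. If the default has to stay off for compatibility, a comment on the entry such as `/* off by default for legacy clients; set true to refuse TLS 1.1 */` would record that as a deliberate decision. Because the three `sslNo*` switches are independent, it is also worth documenting that they should be enabled from the oldest protocol upward, so that TLS 1.1 is not refused while TLS 1.0 is still offered.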
Index: sblim-sfcb-1.4.8/sfcb.cfg.pre.in
===================================================================
--- sblim-sfcb-1.4.8.orig/sfcb.cfg.pre.in
+++ sblim-sfcb-1.4.8/sfcb.cfg.pre.in
@@ -282,6 +282,7 @@ sslCiphers: ALL:!ADH:!LOW:!EXP:!MD5:@STR
## Default is false for both
#sslNoSSLv3: false
#sslNoTLSv1: false
+#sslNoTLSv1_1: false
## Optionally configure a DH parameters file for ephemeral key generation.
## See man SSL_CTX_set_tmp_dh_callback(3) for details. The value should be
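Review bot: The context line `## Default is false for both` becomes stale once a third switch is listed under it and should read `## Default is false for all three`. The descriptive comment above it lies outside this hunk and presumably names only SSLv3 and TLSv1, so it likely needs TLSv1.1 added as well. Since this sample file is where administrators look first, a line such as `## Set all three to true to accept only TLS 1.2 or later (if the linked OpenSSL supports it)` would tell them what the hardened setting is.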
Index: sblim-sfcb-1.4.8/httpAdapter.c
===================================================================
--- sblim-sfcb-1.4.8.orig/httpAdapter.c
+++ sblim-sfcb-1.4.8/httpAdapter.c
@@ -2092,9 +2092,12 @@ initSSL()
options |= SSL_OP_NO_SSLv3;
if (!getControlBool("sslNoTLSv1", &sslopt) && sslopt)
options |= SSL_OP_NO_TLSv1;
- _SFCB_TRACE(1, ("--- sslNoSSLv3=%s, sslNoTLSv1=%s",
+ if (!getControlBool("sslNoTLSv1_1", &sslopt) && sslopt)
+ options |= SSL_OP_NO_TLSv1_1;
+ _SFCB_TRACE(1, ("--- sslNoSSLv3=%s, sslNoTLSv1=%s, sslNoTLSv1_1=%s",
(options & SSL_OP_NO_SSLv3 ? "true" : "false"),
- (options & SSL_OP_NO_TLSv1 ? "true" : "false")));
+ (options & SSL_OP_NO_TLSv1 ? "true" : "false"),
+ (options & SSL_OP_NO_TLSv1_1 ? "true" : "false")));
if (!getControlBool("enableSslCipherServerPref", &sslopt) && sslopt) {
_SFCB_TRACE(1, ("--- enableSslCipherServerPref = true"));