From 701ca8e0e0cd0f0f0e63c00af4fefeba89a9210c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <git@myname.nl>
Date: Tue, 16 Dec 2014 22:23:58 +0100
Subject: [PATCH] Add support for TLSv1.1 and TLSv1.2

---
 vio/viossl.c          | 8 +++++++-
 vio/viosslfactories.c | 4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/vio/viossl.c b/vio/viossl.c
index 2efd020..4119ab6 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -375,6 +375,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
                   unsigned long *ssl_errno_holder)
 {
   int r;
+  long options;
   SSL *ssl;
   my_socket sd= mysql_socket_getfd(vio->mysql_socket);
   DBUG_ENTER("ssl_do");
@@ -391,8 +392,13 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
   SSL_clear(ssl);
   SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
   SSL_set_fd(ssl, sd);
+
 #ifndef HAVE_YASSL
-  SSL_set_options(ssl, SSL_OP_NO_COMPRESSION);
+  options = SSL_OP_ALL;
+  options |= SSL_OP_NO_SSLv2;
+  options |= SSL_OP_NO_SSLv3;
+  options |= SSL_OP_NO_COMPRESSION;
+  SSL_set_options(ssl, options);
 #endif
 
   /*
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 4ca8c74..35edd33 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -193,8 +193,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
     DBUG_RETURN(0);
 
   if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
-                                         TLSv1_client_method() :
-                                         TLSv1_server_method())))
+                                         SSLv23_client_method() :
+                                         SSLv23_server_method())))
   {
     *error= SSL_INITERR_MEMFAIL;
     DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
-- 
2.1.0