From 5e90bc380bae9e2278ffe0b0ba0983bb0789c05f Mon Sep 17 00:00:00 2001
From: Kyle Fuller
Date: Sun, 20 Apr 2014 23:35:29 +0100
Subject: [PATCH] [Csocket] Support and default to TLSv1.2
Updates to 21ac28cc29e9256a21a9aa217e29638360c266d0 of Csocket
---
 include/znc/Csocket.h | 4 +++-
 src/Csocket.cpp | 42 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/include/znc/Csocket.h b/include/znc/Csocket.h
index de29d6e5..c227e89f 100644
--- a/include/znc/Csocket.h
+++ b/include/znc/Csocket.h
@@ -591,7 +591,9 @@ public:
 SSL23 = 0,
 SSL2 = 2,
 SSL3 = 3,
- TLS1 = 4
+ TLS1 = 4,
+ TLS1_1 = 5,
+ TLS1_2 = 6
 };
 enum ECONState
diff --git a/src/Csocket.cpp b/src/Csocket.cpp
index 2e4cb14d..7de791d2 100644
--- a/src/Csocket.cpp
+++ b/src/Csocket.cpp
@@ -1355,6 +1355,26 @@ bool Csock::SSLClientSetup()
 return( false );
 }
 break;
+ case TLS1_2:
+#ifdef TLS1_2_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_2_client_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_2_client_method failed!" );
+ return( false );
+ }
+ break;
+#endif
+ case TLS1_1:
+#ifdef TLS1_1_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_1_client_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_1_client_method failed!" );
+ return( false );
+ }
+ break;
+#endif
 case TLS1:
 m_ssl_ctx = SSL_CTX_new( TLSv1_client_method() );
 if( !m_ssl_ctx )
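Review bot: The new `TLS1_1` and `TLS1_2` enumerators in include/znc/Csocket.h have no comment saying that they pin one exact protocol version rather than set a minimum. Going by the `TLSv1_1_*_method()` and `TLSv1_2_*_method()` calls this same patch adds in src/Csocket.cpp, that is what they do, and `SSL23` is presumably the only value that negotiates. A one-line comment above the enumerators would keep callers from reading `TLS1_2` as "TLS 1.2 or better", for example `// SSL23 negotiates the highest version both peers support; every other value pins exactly that version`. The enum's opening line is outside the hunk.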
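Review bot: When the OpenSSL headers do not define `TLS1_2_VERSION` (or `TLS1_1_VERSION`), `case TLS1_2:` in SSLClientSetup compiles to an empty label and falls through to `TLS1_1` and then `TLS1`, so a caller that explicitly asked for TLS 1.2 gets a TLS 1.0 context with no trace of the downgrade. Adding `#else` followed by `CS_DEBUG( "WARNING: TLSv1.2 not available in this OpenSSL build, falling back" );` before each `#endif` would make it visible, and a `// fall through` comment would show the missing `break` is intentional. The same applies to the matching cases in the SSLServerSetup hunk. The new debug strings also say "MakeConnection" although the function is SSLClientSetup, apparently copied from the surrounding cases, which makes the log harder to trace. The switch begins and ends outside the hunk.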
@@ -1452,6 +1472,26 @@ bool Csock::SSLServerSetup()
 return( false );
 }
 break;
+ case TLS1_2:
+#ifdef TLS1_2_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_2_server_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_2_server_method failed!" );
+ return( false );
+ }
+ break;
+#endif
+ case TLS1_1:
+#ifdef TLS1_1_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_1_server_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_1_server_method failed!" );
+ return( false );
+ }
+ break;
+#endif
 case TLS1:
 m_ssl_ctx = SSL_CTX_new( TLSv1_server_method() );
 if( !m_ssl_ctx )
@@ -2711,7 +2751,7 @@ void Csock::Init( const CS_STRING & sHostname, uint16_t uPort, int iTimeout )
 m_shostname = sHostname;
 m_sbuffer.clear();
 m_eCloseType = CLT_DONT;
- m_iMethod = SSL23;
+ m_iMethod = TLS1_2; // Falls though TLSv1.1 and TLSv1 if not available
 m_sCipherType = "ALL";
 m_iMaxBytes = 0;
 m_iMaxMilliSeconds = 0;
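Review bot: Making `TLS1_2` the default in `Csock::Init` pins every socket that keeps the default to exactly TLS 1.2 wherever the library supports it, because `TLSv1_2_client_method()` and `TLSv1_2_server_method()` are fixed-version methods. The handshake then fails against a peer that only speaks TLS 1.0 or 1.1, and it cannot move up to a later protocol version either. The comment `// Falls though TLSv1.1 and TLSv1 if not available` describes only the compile-time `#ifdef` fallthrough and is easy to misread as runtime negotiation ("though" should also read "through"). If the aim is to stop offering SSLv2 and SSLv3, the usual approach is to keep `m_iMethod = SSL23;` and call `SSL_CTX_set_options( m_ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );` once the context is created in the setup functions. Init's body continues outside the hunk.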