From: Neil McKillop <neil@mckillop.org>
Date: Sun, 10 Jan 2021 17:30:08 +0000 (+0000)
Subject: Apply patch from @nervuri:matrix.org to stop supporting out of spec versions of TLS
X-Git-Url: https://git.mckillop.org/gitweb/?a=commitdiff_plain;h=ec115d017e6a9652dac1d443d7adf70bdc0ca0a5;p=gemini-php

Apply patch from @nervuri:matrix.org to stop supporting out of spec versions of TLS
---

diff --git a/server.php b/server.php
index dda1c70..d1be889 100644
--- a/server.php
+++ b/server.php
@@ -20,11 +20,16 @@ $socket = stream_socket_server("tcp://{$g->ip}:{$g->port}", $errno, $errstr, STR
 
 stream_socket_enable_crypto($socket, false);
 
+// apply patch from @nervuri:matrix.org to stop supporting out of spec versions of TLS
+$cryptoMethod = STREAM_CRYPTO_METHOD_TLS_SERVER
+	& ~ STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
+	& ~ STREAM_CRYPTO_METHOD_TLSv1_1_SERVER;
+
 while(true) {
 	$forkedSocket = stream_socket_accept($socket, "-1", $remoteIP);
 
 	stream_set_blocking($forkedSocket, true);
-	stream_socket_enable_crypto($forkedSocket, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
+	stream_socket_enable_crypto($forkedSocket, true, $cryptoMethod);
 	$line = fread($forkedSocket, 1024);
 	stream_set_blocking($forkedSocket, false);
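Review bot: The result of `stream_socket_enable_crypto($forkedSocket, true, $cryptoMethod)` is still discarded, and now that TLS 1.0/1.1 clients are refused, a failed handshake becomes a routine event rather than a rare one. On failure the call returns false and the stream appears to stay unencrypted, so the `fread` on the next line would go on to read whatever the peer sent in the clear. I would reject the connection explicitly, e.g. `if (stream_socket_enable_crypto($forkedSocket, true, $cryptoMethod) !== true) { fclose($forkedSocket); continue; }`. The `while` body continues outside the hunk, so the exact cleanup may need adjusting. It is also worth confirming the minimum supported PHP version: on releases where `STREAM_CRYPTO_METHOD_TLS_SERVER` maps to TLS 1.0 only (I believe this was the case before 7.2), the mask would leave no protocol enabled at all.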