summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorGravatar tihmstar2023-12-12 11:13:58 +0100
committerGravatar Nikias Bassen2023-12-12 11:13:58 +0100
commit9ecd81d16cf0754c3a4a72ea45422c51482d50ba (patch)
tree0d5cfb4d16769ff82a2cd449f13847a347307be6 /src
parent04c023317f616b4b9588cce8c2da3174a7d2086b (diff)
downloadlibimobiledevice-9ecd81d16cf0754c3a4a72ea45422c51482d50ba.tar.gz
libimobiledevice-9ecd81d16cf0754c3a4a72ea45422c51482d50ba.tar.bz2
Fix iOS 1 SSL connection
Detect if we're talking to iOS 1 `if (connection->device->version == 0)` and set `SSL_CTX_set_min_proto_version(ssl_ctx, 0);` to support SSL3. iOS 1 doesn't understand TLS1_VERSION, it can only speak SSL3_VERSION. However, modern OpenSSL is usually compiled without SSLv3 support. So if we set min_proto_version to SSL3_VERSION on an OpenSSL instance which doesn't support it, it will just ignore min_proto_version altogether and fall back to an even higher version. To avoid accidentally breaking iOS 2.0+, we set min version to 0 instead.
Diffstat (limited to 'src')
-rw-r--r--src/idevice.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/idevice.c b/src/idevice.c
index 719cd28..2f4e9ce 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1245,6 +1245,20 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
if (connection->device->version < DEVICE_VERSION(10,0,0)) {
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
+ if (connection->device->version == 0) {
+ /*
+ iOS 1 doesn't understand TLS1_VERSION, it can only speak SSL3_VERSION.
+ However, modern OpenSSL is usually compiled without SSLv3 support.
+ So if we set min_proto_version to SSL3_VERSION on an OpenSSL instance which doesn't support it,
+ it will just ignore min_proto_version altogether and fall back to an even higher version.
+ To avoid accidentally breaking iOS 2.0+, we set min version to 0 instead.
+ Here is what documentation says:
+ Setting the minimum or maximum version to 0,
+ will enable protocol versions down to the lowest version,
+ or up to the highest version supported by the library, respectively.
+ */
+ SSL_CTX_set_min_proto_version(ssl_ctx, 0);
+ }
}
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L