diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/idevice.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/idevice.c b/src/idevice.c index 719cd28..2f4e9ce 100644 --- a/src/idevice.c +++ b/src/idevice.c @@ -1245,6 +1245,20 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION); if (connection->device->version < DEVICE_VERSION(10,0,0)) { SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION); + if (connection->device->version == 0) { + /* + iOS 1 doesn't understand TLS1_VERSION, it can only speak SSL3_VERSION. + However, modern OpenSSL is usually compiled without SSLv3 support. + So if we set min_proto_version to SSL3_VERSION on an OpenSSL instance which doesn't support it, + it will just ignore min_proto_version altogether and fall back to an even higher version. + To avoid accidentally breaking iOS 2.0+, we set min version to 0 instead. + Here is what documentation says: + Setting the minimum or maximum version to 0, + will enable protocol versions down to the lowest version, + or up to the highest version supported by the library, respectively. + */ + SSL_CTX_set_min_proto_version(ssl_ctx, 0); + } } #endif #if OPENSSL_VERSION_NUMBER >= 0x30000000L |