remove useless ssl options

[apps/madmutt.git] / lib-sys / mutt_ssl.cpkg

diff --git a/lib-sys/mutt_ssl.cpkg b/lib-sys/mutt_ssl.cpkg
index 4dddccd..5623938 100644 (file)
--- a/lib-sys/mutt_ssl.cpkg
+++ b/lib-sys/mutt_ssl.cpkg
@@ -44,20 +44,6 @@
      ** This variables specifies whether to attempt to use SSLv3 in the
      ** SSL authentication process.
      */
      ** This variables specifies whether to attempt to use SSLv3 in the
      ** SSL authentication process.
      */

-    bool use_tlsv1 = 1;
-    /*
-     ** .pp
-     ** This variables specifies whether to attempt to use TLSv1 in the
-     ** SSL authentication process.
-     */
-
-    int min_dh_prime_bits = 0;
-    /*
-     ** .pp
-     ** This variable specifies the minimum acceptable prime size (in bits)
-     ** for use in any Diffie-Hellman key exchange. A value of 0 will use
-     ** the default from the GNUTLS library.
-     */

 
     path_t cert_file = luaM_pathnew("~/.cache/madmutt/certificates");
     /*
 
     path_t cert_file = luaM_pathnew("~/.cache/madmutt/certificates");
     /*


@@ -244,15 +230,7 @@ static int tls_negotiate (CONNECTION * conn)
   gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)(intptr_t)conn->fd);
 
   /* disable TLS/SSL protocols as needed */
   gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)(intptr_t)conn->fd);
 
   /* disable TLS/SSL protocols as needed */

-  if (!mod_ssl.use_tlsv1 && !mod_ssl.use_sslv3) {
-    mutt_error (_("All available protocols for TLS/SSL connection disabled"));
-    goto fail;
-  }
-  else if (!mod_ssl.use_tlsv1) {
-    protocol_priority[0] = GNUTLS_SSL3;
-    protocol_priority[1] = 0;
-  }
-  else if (!mod_ssl.use_sslv3) {
+  if (!mod_ssl.use_sslv3) {

     protocol_priority[0] = GNUTLS_TLS1;
     protocol_priority[1] = 0;
   }
     protocol_priority[0] = GNUTLS_TLS1;
     protocol_priority[1] = 0;
   }


@@ -266,10 +244,6 @@ static int tls_negotiate (CONNECTION * conn)
   gnutls_set_default_priority (data->state);
   gnutls_protocol_set_priority (data->state, protocol_priority);
 
   gnutls_set_default_priority (data->state);
   gnutls_protocol_set_priority (data->state, protocol_priority);
 

-  if (mod_ssl.min_dh_prime_bits > 0) {
-    gnutls_dh_set_prime_bits(data->state, mod_ssl.min_dh_prime_bits);
-  }
-

 /*
   gnutls_set_cred (data->state, GNUTLS_ANON, NULL);
 */
 /*
   gnutls_set_cred (data->state, GNUTLS_ANON, NULL);
 */