1 files changed, 14 insertions, 0 deletions
diff --git a/src/idevice.c b/src/idevice.c
index 719cd28..2f4e9ce 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1245,6 +1245,20 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
        SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
        if (connection->device->version < DEVICE_VERSION(10,0,0)) {
                SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
+                if (connection->device->version == 0) {
+                        /*
+                                iOS 1 doesn't understand TLS1_VERSION, it can only speak SSL3_VERSION.
+                                However, modern OpenSSL is usually compiled without SSLv3 support.
+                                So if we set min_proto_version to SSL3_VERSION on an OpenSSL instance which doesn't support it,
+                                it will just ignore min_proto_version altogether and fall back to an even higher version.
+                                To avoid accidentally breaking iOS 2.0+, we set min version to 0 instead.
+                                Here is what documentation says:
+                                        Setting the minimum or maximum version to 0,
+                                        will enable protocol versions down to the lowest version,
+                                        or up to the highest version supported by the library, respectively.
+                        */
+                        SSL_CTX_set_min_proto_version(ssl_ctx, 0);
+                }
        }
 #endif
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L

diff --git a/src/idevice.c b/src/idevice.c index 719cd28..2f4e9ce 100644 --- a/src/idevice.c +++ b/src/idevice.c
@@ -1245,6 +1245,20 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
1245	SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);	1245	SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
1246	if (connection->device->version < DEVICE_VERSION(10,0,0)) {	1246	if (connection->device->version < DEVICE_VERSION(10,0,0)) {
1247	SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);	1247	SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
		1248	if (connection->device->version == 0) {
		1249	/*
		1250	iOS 1 doesn't understand TLS1_VERSION, it can only speak SSL3_VERSION.
		1251	However, modern OpenSSL is usually compiled without SSLv3 support.
		1252	So if we set min_proto_version to SSL3_VERSION on an OpenSSL instance which doesn't support it,
		1253	it will just ignore min_proto_version altogether and fall back to an even higher version.
		1254	To avoid accidentally breaking iOS 2.0+, we set min version to 0 instead.
		1255	Here is what documentation says:
		1256	Setting the minimum or maximum version to 0,
		1257	will enable protocol versions down to the lowest version,
		1258	or up to the highest version supported by the library, respectively.
		1259	*/
		1260	SSL_CTX_set_min_proto_version(ssl_ctx, 0);
		1261	}
1248	}	1262	}
1249	#endif	1263	#endif
1250	#if OPENSSL_VERSION_NUMBER >= 0x30000000L	1264	#if OPENSSL_VERSION_NUMBER >= 0x30000000L