ssl: Use more secure options
This disables SSLv2 and SSLv3.
parent
4b6215051f
commit
ebaaf466bf
@ -37,6 +37,11 @@
|
||||
#include <glib/gprintf.h>
|
||||
#include "util.h"
|
||||
|
||||
/* If openssl was built without ec */
|
||||
#ifndef SSL_OP_SINGLE_ECDH_USE
|
||||
#define SSL_OP_SINGLE_ECDH_USE 0
|
||||
#endif
|
||||
|
||||
/* globals */
|
||||
static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */
|
||||
static char err_buf[256]; /* generic error buffer */
|
||||
@ -82,6 +87,11 @@ _SSL_context_init (void (*info_cb_func), int server)
|
||||
|
||||
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
|
||||
SSL_CTX_set_timeout (ctx, 300);
|
||||
SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
|
||||
|SSL_OP_NO_COMPRESSION
|
||||
|SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
|
||||
|SSL_OP_NO_TICKET
|
||||
|SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
|
||||
/* used in SSL_connect(), SSL_accept() */
|
||||
SSL_CTX_set_info_callback (ctx, info_cb_func);
|
||||
|
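Review bot: Only `SSL_OP_SINGLE_ECDH_USE` gets a fallback definition in the first hunk, while the new `SSL_CTX_set_options` call in `_SSL_context_init` also relies on `SSL_OP_NO_COMPRESSION` and `SSL_OP_NO_TICKET`. Those two flags are missing from older OpenSSL headers (`SSL_OP_NO_COMPRESSION` arrived with 1.0.0), so if such versions are still supported the build would fail there. A `#define ... 0` fallback would fix the build but silently leave TLS compression enabled, so a guard with `#error` or a logged warning at context init is safer than a zero define. The option list would also benefit from a comment such as `/* no SSLv2/3, no TLS compression (CRIME), fresh (EC)DH key per handshake, no session tickets */`, because the commit message mentions only the protocol versions. `_SSL_context_init` starts and ends outside the hunk, so I cannot tell whether `ctx` is used for both client and server; `SSL_OP_CIPHER_SERVER_PREFERENCE` only has an effect on the server side.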