ssl: Use more secure options

This disables SSLv2 and SSLv3.
TingPing 2014-11-05 02:17:34 -05:00
parent 4b6215051f
commit ebaaf466bf


@ -37,6 +37,11 @@
#include <glib/gprintf.h> #include <glib/gprintf.h>
#include "util.h" #include "util.h"
/* If openssl was built without ec */
#ifndef SSL_OP_SINGLE_ECDH_USE
#define SSL_OP_SINGLE_ECDH_USE 0
#endif
/* globals */ /* globals */
static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */ static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */
static char err_buf[256]; /* generic error buffer */ static char err_buf[256]; /* generic error buffer */
@ -82,6 +87,11 @@ _SSL_context_init (void (*info_cb_func), int server)
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_timeout (ctx, 300); SSL_CTX_set_timeout (ctx, 300);
SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
|SSL_OP_NO_COMPRESSION
|SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
|SSL_OP_NO_TICKET
|SSL_OP_CIPHER_SERVER_PREFERENCE);
/* used in SSL_connect(), SSL_accept() */ /* used in SSL_connect(), SSL_accept() */
SSL_CTX_set_info_callback (ctx, info_cb_func); SSL_CTX_set_info_callback (ctx, info_cb_func);
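Review bot: The new `SSL_CTX_set_options` call uses `SSL_OP_NO_COMPRESSION` and `SSL_OP_NO_TICKET` without the header fallback that the first hunk adds for `SSL_OP_SINGLE_ECDH_USE`, so a build against OpenSSL headers that predate those macros would fail to compile (I believe `SSL_OP_NO_COMPRESSION` first appeared in OpenSSL 1.0.0). If such builds are meant to be supported, add `#ifndef SSL_OP_NO_COMPRESSION` / `#define SSL_OP_NO_COMPRESSION 0` / `#endif` beside the existing guard, and likewise for `SSL_OP_NO_TICKET`. A zero fallback makes the option a silent no-op, so the guard comment should say that the protection is then absent, e.g. `/* Older OpenSSL headers lack these options; 0 compiles but leaves the hardening off */`. A one-line comment above the call saying why each flag is set (compression off, tickets off, fresh DH/ECDH keys per handshake) would also help the next reader. The body of `_SSL_context_init` continues outside the hunk, so whether a cipher list is configured elsewhere cannot be checked from here.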