ssl: Use more secure options
This disables SSLv2 and SSLv3.
parent
4b6215051f
commit
ebaaf466bf
@ -37,6 +37,11 @@
|
|||||||
#include <glib/gprintf.h>
|
#include <glib/gprintf.h>
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
|
/* If openssl was built without ec */
|
||||||
|
#ifndef SSL_OP_SINGLE_ECDH_USE
|
||||||
|
#define SSL_OP_SINGLE_ECDH_USE 0
|
||||||
|
#endif
|
||||||
|
|
||||||
/* globals */
|
/* globals */
|
||||||
static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */
|
static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */
|
||||||
static char err_buf[256]; /* generic error buffer */
|
static char err_buf[256]; /* generic error buffer */
|
||||||
@ -82,6 +87,11 @@ _SSL_context_init (void (*info_cb_func), int server)
|
|||||||
|
|
||||||
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
|
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
|
||||||
SSL_CTX_set_timeout (ctx, 300);
|
SSL_CTX_set_timeout (ctx, 300);
|
||||||
|
SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
|
||||||
|
|SSL_OP_NO_COMPRESSION
|
||||||
|
|SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
|
||||||
|
|SSL_OP_NO_TICKET
|
||||||
|
|SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||||
|
|
||||||
/* used in SSL_connect(), SSL_accept() */
|
/* used in SSL_connect(), SSL_accept() */
|
||||||
SSL_CTX_set_info_callback (ctx, info_cb_func);
|
SSL_CTX_set_info_callback (ctx, info_cb_func);
|
||||||
|
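Review bot: The `SSL_CTX_set_options` call added in `_SSL_context_init` uses `SSL_OP_NO_COMPRESSION` and `SSL_OP_NO_TICKET` unguarded, while only `SSL_OP_SINGLE_ECDH_USE` gets an `#ifndef` fallback in the first hunk; if the project still builds against OpenSSL headers that predate those flags (not visible here), compilation fails. A `0` fallback would be the wrong remedy for `SSL_OP_NO_COMPRESSION`, because it would silently leave TLS compression enabled, so an `#error` or a documented minimum OpenSSL version is the safer choice. The `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` bits are only meaningful if `ctx` is created with a version-flexible method, and the `SSL_CTX_new` call lies outside this hunk, so that should be confirmed. I would also put a comment above the call recording the intent of each bit, e.g. `/* no SSLv2/v3, no compression (CRIME), fresh (EC)DH key per handshake, no session tickets, server picks the cipher */`.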