author | TingPing <tingping@tingping.se> | 2014-11-05 02:17:34 -0500 |
---|---|---|
committer | TingPing <tingping@tingping.se> | 2014-11-05 02:17:34 -0500 |
commit | ebaaf466bf42aec26f05e71f06c39a0b19e32e77 (patch) | |
tree | a14f8612694ee0d3f808d7e675089bcb51cbb6d7 | |
parent | 4b6215051f1d3b484e32dc95e33d83202bd89959 (diff) |
ssl: Use more secure options
This disables SSLv2 and SSLv3.
-rw-r--r-- | src/common/ssl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/common/ssl.c b/src/common/ssl.c
index cfa9b6cf..e929a1aa 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -37,6 +37,11 @@
 #include <glib/gprintf.h>
 #include "util.h"
 
+/* If openssl was built without ec */
+#ifndef SSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
 /* globals */
 static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */
 static char err_buf[256]; /* generic error buffer */
@@ -82,6 +87,11 @@ _SSL_context_init (void (*info_cb_func), int server)
 SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
 SSL_CTX_set_timeout (ctx, 300);
 
+ SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
+ |SSL_OP_NO_COMPRESSION
+ |SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
+ |SSL_OP_NO_TICKET
+ |SSL_OP_CIPHER_SERVER_PREFERENCE);
 
 /* used in SSL_connect(), SSL_accept() */
 SSL_CTX_set_info_callback (ctx, info_cb_func);
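Review bot: The new SSL_CTX_set_options call in the second hunk disables SSLv2/SSLv3 but leaves the cipher suite at OpenSSL's default, so weak suites of that era (RC4, single DES, export-grade) can still be negotiated unless a cipher list is set elsewhere in the file, which this hunk does not show. Pair the options with an explicit list and check the result, e.g. `if (!SSL_CTX_set_cipher_list (ctx, "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5"))` and treat a zero return as a failed context initialisation rather than continuing with an unknown cipher set. A short why-comment on the option mask would help future readers, e.g. `/* SSLv2/SSLv3 are insecure; TLS 1.0 and newer only */`, since the mask deliberately still permits TLS 1.0 and 1.1. SSL_OP_NO_COMPRESSION only exists from OpenSSL 1.0.0 onward; if 0.9.8 builds are still a target, guard it the same way the first hunk guards SSL_OP_SINGLE_ECDH_USE, otherwise the build will fail on the undefined name. The enclosing _SSL_context_init starts before and continues past this hunk, so the error path for a cipher-list failure is not visible here.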