diff options
| -rw-r--r-- | src/common/ssl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/common/ssl.c b/src/common/ssl.c index 04cd6673..f490929a 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -90,11 +90,17 @@ _SSL_context_init (void (*info_cb_func), int server) SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_timeout (ctx, 300); SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 +#ifdef SSL_OP_NO_COMPRESSION |SSL_OP_NO_COMPRESSION +#endif |SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE |SSL_OP_NO_TICKET |SSL_OP_CIPHER_SERVER_PREFERENCE); +#if OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */ + sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); +#endif + /* used in SSL_connect(), SSL_accept() */ SSL_CTX_set_info_callback (ctx, info_cb_func); @@ -541,4 +547,4 @@ _SSL_check_hostname (X509 *cert, const char *host) return rv; return _SSL_check_common_name (cert, host); -} \ No newline at end of file +} |