MirrorHub/construct
0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-29 10:12:39 +01:00
Code Issues Releases Wiki Activity

Improve the versions of TLS used for server to server linking

Browse source 
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.

This patch corrects that.
This commit is contained in:
Aaron Jones 2015-10-23 16:08:15 +00:00
parent 3ae24413ca
commit 25f7ee7dd6
No known key found for this signature in database
GPG key ID: 6E854C0FAAD4CEA4
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
libratbox/src/openssl.c
View file

@ -370,7 +370,7 @@ rb_init_ssl(void)
#endif
#ifndef LRB_HAVE_TLS_METHOD_API
ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
ssl_client_ctx = SSL_CTX_new(SSLv23_client_method());
#else
ssl_client_ctx = SSL_CTX_new(TLS_client_method());
#endif
@ -382,6 +382,10 @@ rb_init_ssl(void)
ret = 0;
}
#ifndef LRB_HAVE_TLS_METHOD_API
SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#endif
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_TICKET);
#endif