From d072eb235041f308b5ca9afd1560699e7506b960 Mon Sep 17 00:00:00 2001
From: Patrick Godschalk
Date: Sun, 26 Oct 2014 13:15:30 +0100
Subject: [PATCH] Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-capable clients that still depend on SSLv23 handshake
---
 libratbox/src/openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index 4b2552568..9a9b52d55 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -312,7 +312,7 @@ rb_init_ssl(void)
 ret = 0;
 }
 /* Disable SSLv2, make the client use our settings */
- SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE
+ SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE
 #ifdef SSL_OP_SINGLE_DH_USE
 | SSL_OP_SINGLE_DH_USE
 #endif
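Review bot: The comment directly above the changed `SSL_CTX_set_options` call still says only SSLv2 is disabled, so it no longer matches the option mask; I would change it to `/* Disable SSLv2 and SSLv3, make the client use our settings */`. The hunk only touches `ssl_server_ctx`, and rb_init_ssl starts and ends outside the hunk, so it is not visible whether the function also configures a context for outgoing connections. If it does, that context should get the same `SSL_OP_NO_SSLv3` bit, otherwise links initiated by this side could still be negotiated down to SSLv3. It would also help operators if the handshake-failure log path (not shown here) made it clear when a peer was refused for offering only SSLv3.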