commit 712482ee6032675710eb47264eaf67c6c0415f67 parent 1416e344baa5929bb257769e5c67596e8d091a1e Author: parazyd <parazyd@dyne.org> Date: Sat, 10 Mar 2018 14:28:23 +0100 Make SSL opts more understandable. Diffstat:
| M | net.c | | | 10 | ++++++++-- |
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/net.c b/net.c @@ -136,14 +136,20 @@ int net_connecttcp(net_t *net) { int net_addssl(net_t *net) { SSL *sfd; + long opts; SSL_library_init(); OpenSSL_add_all_algorithms(); net->data[1] = SSL_CTX_new(SSLv23_method()); if (net->data[1] == NULL) goto netaddsslerr; - SSL_CTX_set_options((SSL_CTX *)net->data[1], - SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3); + + opts = SSL_CTX_get_options(net->data[1]); + opts |= SSL_OP_NO_SSLv2; + opts |= SSL_OP_NO_SSLv3; + opts |= SSL_OP_NO_TLSv1; + opts |= SSL_OP_NO_TLSv1_1; + SSL_CTX_set_options((SSL_CTX *)net->data[1], opts); if ((sfd = SSL_new((SSL_CTX *)net->data[1])) == NULL) goto netaddsslerr;