moparisthebest
/
hexchat
mirror of https://github.com/moparisthebest/hexchat
1
0
Fork 0
Code Issues Releases Wiki Activity

ssl: Use more secure options 

This disables ssl 2/3
This commit is contained in:
TingPing 2014-11-05 02:17:34 -05:00
parent b6fa8574cb
commit 458df653c8
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/common/ssl.c
View File

@ -39,6 +39,11 @@
#include <glib/gprintf.h>
#include "util.h"
/* If openssl was built without ec */
#ifndef SSL_OP_SINGLE_ECDH_USE
#define SSL_OP_SINGLE_ECDH_USE 0
#endif
/* globals */
static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */
static char err_buf[256]; /* generic error buffer */
@ -84,6 +89,11 @@ _SSL_context_init (void (*info_cb_func), int server)
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_timeout (ctx, 300);
SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
|SSL_OP_NO_COMPRESSION
|SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
|SSL_OP_NO_TICKET
|SSL_OP_CIPHER_SERVER_PREFERENCE);
/* used in SSL_connect(), SSL_accept() */
SSL_CTX_set_info_callback (ctx, info_cb_func);