From 458df653c80c71e00da62dccc5691e3a70a63761 Mon Sep 17 00:00:00 2001
From: TingPing
Date: Wed, 5 Nov 2014 02:17:34 -0500
Subject: [PATCH] ssl: Use more secure options

This disables ssl 2/3
---
 src/common/ssl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/common/ssl.c b/src/common/ssl.c
index e257d7d8..f0097c17 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -39,6 +39,11 @@
 #include
 #include "util.h"
 
+/* If openssl was built without ec */
+#ifndef SSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
 /* globals */
 static struct chiper_info chiper_info;	/* static buffer for _SSL_get_cipher_info() */
 static char err_buf[256];			/* generic error buffer */
@@ -84,6 +89,11 @@ _SSL_context_init (void (*info_cb_func), int server)
 	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
 	SSL_CTX_set_timeout (ctx, 300);
 
+	SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
+						|SSL_OP_NO_COMPRESSION
+						|SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
+						|SSL_OP_NO_TICKET
+						|SSL_OP_CIPHER_SERVER_PREFERENCE);
 
 	/* used in SSL_connect(), SSL_accept() */
 	SSL_CTX_set_info_callback (ctx, info_cb_func);
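Review bot: The fallback in the new `#ifndef SSL_OP_SINGLE_ECDH_USE` block covers only that flag, while the `SSL_CTX_set_options` call in the second hunk also uses `SSL_OP_NO_COMPRESSION`, which OpenSSL releases older than 1.0.0 do not define and which would then fail to compile; if such releases are still supported by this build, an identical `#ifndef SSL_OP_NO_COMPRESSION` / `#define SSL_OP_NO_COMPRESSION 0` guard belongs beside this one. The comment `/* If openssl was built without ec */` could state what the fallback does, e.g. `/* OpenSSL built without EC support does not define this; 0 makes it a no-op in SSL_CTX_set_options() */`. Defining the flag to 0 silently drops that protection instead of failing the build, which is a reasonable trade-off for an optional option but is worth saying explicitly.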
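Review bot: The protocol restriction on the new `SSL_CTX_set_options` line is a denylist: `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` excludes those two versions and every other version the linked OpenSSL supports remains negotiable, which matches the commit message but is not explained in the code. A comment above the call would help: `/* refuse SSLv2/SSLv3 and TLS compression (TLS 1.0 and newer stay negotiable); the *_SINGLE_*_USE and CIPHER_SERVER_PREFERENCE flags only take effect when this ctx is used on the server side */`. `SSL_OP_NO_TICKET` is set while the `SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH)` line above is kept, so resumption still works through the session cache but not through stateless tickets; if that is the intent, a short note to that effect avoids a later "fix" re-enabling tickets. The enclosing `_SSL_context_init` starts before and continues past this hunk.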