Disable SSL 2 and 3

2015-07-12 22:10:13 +02:00
parent de61f9ce5b
commit e86dc2fbcd
3 changed files with 8 additions and 1 deletions
--- a/kike.c
+++ b/kike.c
@@ -3507,6 +3507,9 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 	SSL_CTX_set_mode (ctx->ssl_ctx,
 		SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);

+	// Disable deprecated protocols (see RFC 7568)
+	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
 	// XXX: perhaps we should read the files ourselves for better messages
 	const char *ciphers = str_map_find (&ctx->config, "ssl_ciphers");
 	if (!SSL_CTX_set_cipher_list (ctx->ssl_ctx, ciphers))