Disable SSL 2 and 3

2015-07-12 22:10:13 +02:00
parent de61f9ce5b
commit e86dc2fbcd
3 changed files with 8 additions and 1 deletions
--- a/zyklonb.c
+++ b/zyklonb.c
@@ -316,7 +316,8 @@ irc_get_boolean_from_config
 static bool
 irc_initialize_ssl_ctx (struct bot_context *ctx, struct error **e)
 {
-	// XXX: maybe we should call SSL_CTX_set_options() for some workarounds
+	// Disable deprecated protocols (see RFC 7568)
+	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

 	bool verify;
 	if (!irc_get_boolean_from_config (ctx, "ssl_verify", &verify, e))