stv0g/libwebsockets
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Subject: [PATCH] SSL: Disable support for SSLv2 and SSLv3.

Browse source
This commit is contained in:
Roger A. Light 2014-06-03 01:35:00 +01:00 committed by Andy Green
parent 1b97ec2efa
commit d893d96f8f
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/ssl.c
View file

@ -114,6 +114,10 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
/*
* Firefox insists on SSLv23 not SSLv3
* Konq disables SSLv2 by default now, SSLv23 works
*
* SSLv23_server_method() is the openssl method for "allow all TLS
* versions", compared to e.g. TLSv1_2_server_method() which only allows
* tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options()
*/
method = (SSL_METHOD *)SSLv23_server_method();
@ -133,6 +137,8 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
return 1;
}
/* Disable SSLv2 and SSLv3 */
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif