author | Attila Molnar <attilamolnar@hush.com> | 2015-03-11 23:50:07 +0100 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2015-03-12 19:35:07 +0100 |
commit | a57e41304f80ed332912115a22b08fde03bda893 (patch) | |
tree | 822e1ca5899e779f75467aae111b7af9370258d6 | |
parent | 7de4b86b7fb44f800db2e5b4e4c69e1ccc6fbda3 (diff) |
m_ssl_openssl: Set sane default context options
-rw-r--r-- | modules/extra/m_ssl_openssl.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/extra/m_ssl_openssl.cpp b/modules/extra/m_ssl_openssl.cpp
index ebf88ad63..67ab6164c 100644
--- a/modules/extra/m_ssl_openssl.cpp
+++ b/modules/extra/m_ssl_openssl.cpp
@@ -103,6 +103,10 @@ class SSLModule : public Module
 if (!client_ctx || !server_ctx)
 throw ModuleException("Error initializing SSL CTX");
+ long opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE;
+ SSL_CTX_set_options(client_ctx, opts);
+ SSL_CTX_set_options(server_ctx, opts);
+
 SSL_CTX_set_mode(client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 SSL_CTX_set_mode(server_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); |
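Review bot: The `opts` mask disables only SSLv2, so SSLv3 stays negotiable on both `client_ctx` and `server_ctx` if the contexts are created with a version-flexible method (their creation is outside this hunk). Since these are meant as safe defaults, add `SSL_OP_NO_SSLv3` to the mask: `long opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE;`. `SSL_OP_NO_COMPRESSION` is worth OR-ing in as well, behind `#ifdef SSL_OP_NO_COMPRESSION` because older OpenSSL headers do not define it. A short comment above the mask saying why each flag is set would help, for example that the renegotiation and cipher-preference flags only affect the server side. The enclosing function starts and ends outside the hunk.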