blob: b3fe01818ad2db4fd9ccd4a97424be243a7ede61 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
diff -urN ftimes-3.11.0.old/src/ssl.c ftimes-3.11.0.new/src/ssl.c
--- src/ssl.c 2014-07-18 02:40:44.000000000 -0400
+++ src/ssl.c 2016-01-13 17:18:29.073028573 -0500
@@ -251,7 +251,7 @@
*
*********************************************************************
*/
- psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
+ psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
if (psProperties->psslCTX == NULL)
{
ERR_error_string(ERR_get_error(), acLocalError);
@@ -262,6 +262,33 @@
/*-
*********************************************************************
*
+ * Disable protocol versions that are no longer safe to use.
+ *
+ *********************************************************************
+ */
+ SSL_CTX_set_options
+ (
+ psProperties->psslCTX,
+ (
+ 0
+#ifdef SSL_OP_NO_SSLv2
+ | SSL_OP_NO_SSLv2
+#endif
+#ifdef SSL_OP_NO_SSLv3
+ | SSL_OP_NO_SSLv3
+#endif
+#ifdef SSL_OP_NO_TLSv1
+ | SSL_OP_NO_TLSv1
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+ | SSL_OP_NO_TLSv1_1
+#endif
+ )
+ );
+
+ /*-
+ *********************************************************************
+ *
* Setup SSL certificate verification. Load the bundled certificate
* authorities file. A common name (CN) and a positive chain length
* must be specified to activate PEER verification. If you want to
|