author | erdgeist <de@gsmk.de> | 2014-04-15 14:24:43 +0200 |
---|---|---|
committer | erdgeist <de@gsmk.de> | 2014-04-15 14:24:43 +0200 |
commit | 7e81cd818c751e0f75b2c637e37356485e1e71ef (patch) | |
tree | 73d63ee98b8d20ce0609c93c8ca13fad68aaea0d | |
parent | b6fdcbeb3ea50e0051749dc552ffb7a736d3c8e1 (diff) |
Enforce strong crypto
-rwxr-xr-x | vchat-ssl.c | 9 |
1 files changed, 6 insertions, 3 deletions
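--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -61,7 +61,7 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 X509_STORE *store = NULL;
 vc_x509verify_cb_t verify_callback = NULL;
 
-if( !(ctx = SSL_CTX_new(SSLv3_method())) )
+if( !(ctx = SSL_CTX_new(SSLv23_method())) )
 VC_CTX_ERR_EXIT(store, ctx);
 
 if( !(store = vc_x509store_create(vc_store)) )
@@ -69,8 +69,11 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 
 SSL_CTX_set_cert_store(ctx, store);
 store = NULL;
-SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
-SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+if( OPENSSL_VERSION_NUMBER < 0x10000000L )
+SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA");
+else
+SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384");
 
 SSL_CTX_set_verify_depth (ctx, 2);
 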
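Review bot: The return value of SSL_CTX_set_cipher_list() on new lines 74 and 76 is not checked, so if the single named suite is unavailable in the linked OpenSSL build (e.g. built without EC support, or an OpenSSL between 1.0.0 and 1.0.1 where the TLS 1.2 GCM/SHA384 suite does not yet exist) the call returns 0 and the context silently keeps the default cipher list, which is the opposite of "enforce strong crypto". Since the surrounding code already aborts via `VC_CTX_ERR_EXIT(store, ctx)` on setup failures, the cipher-list call should do the same. OPENSSL_VERSION_NUMBER is a preprocessor constant, so the runtime `if` could also be a `#if`, which keeps the branch that cannot apply to this build out of the object entirely. vc_create_sslctx() begins and ends outside the hunk.
```c
/* … unchanged: SSL_CTX_set_options(...) … */
#if OPENSSL_VERSION_NUMBER < 0x10000000L
  if( !SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA") )
#else
  if( !SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384") )
#endif
    VC_CTX_ERR_EXIT(store, ctx);
/* … unchanged: SSL_CTX_set_verify_depth(...) … */
```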