diff options
| author | Andreas Kotes <count@flatline.de> | 2014-04-15 12:29:30 +0200 |
|---|---|---|
| committer | Andreas Kotes <count@flatline.de> | 2014-04-15 12:29:30 +0200 |
| commit | 41ffa33b09d9bcf0902c3ef9384011c95f72ccbe (patch) | |
| tree | 778fb8ae51c4db74d07177a749d3a6a950c2e28a | |
| parent | 2a5819c9965b6fa296f8a2ace7aaf70156ee9f90 (diff) | |
change to use TLSv1_2 (or maybe later)
| -rwxr-xr-x | vchat-ssl.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c index 652ca09..7f0395b 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c | |||
| @@ -61,7 +61,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ) | |||
| 61 | X509_STORE *store = NULL; | 61 | X509_STORE *store = NULL; |
| 62 | vc_x509verify_cb_t verify_callback = NULL; | 62 | vc_x509verify_cb_t verify_callback = NULL; |
| 63 | 63 | ||
| 64 | if( !(ctx = SSL_CTX_new(SSLv3_method())) ) | 64 | /* Explicitly use TLSv1_2 (or maybe later) */ |
| 65 | if( !(ctx = SSL_CTX_new(TLSv1_2_client_method())) ) | ||
| 65 | VC_CTX_ERR_EXIT(store, ctx); | 66 | VC_CTX_ERR_EXIT(store, ctx); |
| 66 | 67 | ||
| 67 | if( !(store = vc_x509store_create(vc_store)) ) | 68 | if( !(store = vc_x509store_create(vc_store)) ) |
| @@ -69,7 +70,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ) | |||
| 69 | 70 | ||
| 70 | SSL_CTX_set_cert_store(ctx, store); | 71 | SSL_CTX_set_cert_store(ctx, store); |
| 71 | store = NULL; | 72 | store = NULL; |
| 72 | SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2); | 73 | /* Disable A LOT of insecure protocols explicitly */ |
| 74 | SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1); | ||
| 73 | SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); | 75 | SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); |
| 74 | 76 | ||
| 75 | SSL_CTX_set_verify_depth (ctx, 2); | 77 | SSL_CTX_set_verify_depth (ctx, 2); |