authorAndreas Kotes <count@flatline.de>2014-04-15 15:26:54 +0200
committerAndreas Kotes <count@flatline.de>2014-04-15 15:26:54 +0200
commitcc89915d8cc8361c29318ee954f4fff14d862cb7 (patch)
treebff8fac9e945fbc9fcc73e53543f789dca78549c
parentf98143f4d2774dc06b23655fd369075247aab4e9 (diff)
use SSLv23_client_method & force cipherstring
-rwxr-xr-xvchat-ssl.c9
1 files changed, 6 insertions, 3 deletions
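--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -62,7 +62,7 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
   vc_x509verify_cb_t verify_callback = NULL;
 
   /* Explicitly use TLSv1 (or maybe later) */
-  if( !(ctx = SSL_CTX_new(TLSv1_client_method())) )
+  if( !(ctx = SSL_CTX_new(SSLv23_client_method())) )
     VC_CTX_ERR_EXIT(store, ctx);
 
   if( !(store = vc_x509store_create(vc_store)) )
@@ -71,8 +71,11 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
   SSL_CTX_set_cert_store(ctx, store);
   store = NULL;
   /* Disable some insecure protocols explicitly */
-  SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
-  SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:!RC4:@STRENGTH");
+  SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+  if( OPENSSL_VERSION_NUMBER < 0x10000000L )
+    SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA");
+  else
+    SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384");
 
   SSL_CTX_set_verify_depth (ctx, 2);
 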
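Review bot: Both new SSL_CTX_set_cipher_list() calls in the second hunk ignore the return value, and with a single pinned suite that matters: if the string matches no cipher in the linked OpenSSL (e.g. a build without EC support, or an OpenSSL 1.0.0 build, since the AES-GCM suites only arrived with TLS 1.2 support in 1.0.1, so the 1.0.0 threshold looks one release too low), the call returns 0 and the context silently keeps the library default list, which defeats the "force cipherstring" intent. Hoist the string into a `const char *ciphers` chosen by the existing condition and fail the way the rest of the function does, `if( !SSL_CTX_set_cipher_list(ctx, ciphers) ) VC_CTX_ERR_EXIT(store, ctx);`. OPENSSL_VERSION_NUMBER is a compile-time constant, so the selection could equally be an `#if`, which would also avoid a dead branch. The comment `/* Explicitly use TLSv1 (or maybe later) */` in the first hunk is now stale: SSLv23_client_method() negotiates the highest common version and the floor is enforced only by the SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 options below, so say that instead. vc_create_sslctx starts and ends outside these hunks.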