Disable SSL 2 and 3

author: Přemysl Janouch <p.janouch@gmail.com> 2015-07-12 22:10:13 +0200
committer: Přemysl Janouch <p.janouch@gmail.com> 2015-07-13 00:13:14 +0200
commit: e86dc2fbcd96482e997ff0fc8ffef203277a29ed (patch)
tree: fec7d17f9071d8024786894d69f9b099430459ae /zyklonb.c
parent: de61f9ce5b2c10692ce9b7850e2979c47dd338fb (diff)
download: xK-e86dc2fbcd96482e997ff0fc8ffef203277a29ed.tar.gz
xK-e86dc2fbcd96482e997ff0fc8ffef203277a29ed.tar.xz
xK-e86dc2fbcd96482e997ff0fc8ffef203277a29ed.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/zyklonb.c b/zyklonb.c
index 88bbc87..35eac17 100644
--- a/zyklonb.c
+++ b/zyklonb.c
@@ -316,7 +316,8 @@ irc_get_boolean_from_config
 static bool
 irc_initialize_ssl_ctx (struct bot_context *ctx, struct error **e)
 {
-	// XXX: maybe we should call SSL_CTX_set_options() for some workarounds
+	// Disable deprecated protocols (see RFC 7568)
+	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 
 	bool verify;
 	if (!irc_get_boolean_from_config (ctx, "ssl_verify", &verify, e))
author	Přemysl Janouch <p.janouch@gmail.com>	2015-07-12 22:10:13 +0200
committer	Přemysl Janouch <p.janouch@gmail.com>	2015-07-13 00:13:14 +0200
commit	e86dc2fbcd96482e997ff0fc8ffef203277a29ed (patch)
tree	fec7d17f9071d8024786894d69f9b099430459ae /zyklonb.c
parent	de61f9ce5b2c10692ce9b7850e2979c47dd338fb (diff)
download	xK-e86dc2fbcd96482e997ff0fc8ffef203277a29ed.tar.gz xK-e86dc2fbcd96482e997ff0fc8ffef203277a29ed.tar.xz xK-e86dc2fbcd96482e997ff0fc8ffef203277a29ed.zip