From e86dc2fbcd96482e997ff0fc8ffef203277a29ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?=
Date: Sun, 12 Jul 2015 22:10:13 +0200
Subject: Disable SSL 2 and 3
---
 degesch.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'degesch.c')
diff --git a/degesch.c b/degesch.c
index 5ef0bc2..325ea83 100644
--- a/degesch.c
+++ b/degesch.c
@@ -3895,6 +3895,9 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 SSL_CTX_set_mode (ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+ // Disable deprecated protocols (see RFC 7568)
+ SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
 const char *ca_file = get_config_string (s->config, "ssl_ca_file");
 const char *ca_path = get_config_string (s->config, "ssl_ca_path");
--
cgit v1.2.3
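Review bot: The added `SSL_CTX_set_options` call is a denylist of individual versions, so it switches off SSL 2 and 3 but leaves TLS 1.0 and 1.1 negotiable on this context. If the OpenSSL this file builds against is 1.1.0 or later (not visible from the hunk), a version floor states the policy directly and does not need a new flag for each retired protocol: `SSL_CTX_set_min_proto_version (ssl_ctx, TLS1_2_VERSION);`, with the option flags kept as the fallback for older libraries. The comment cites RFC 7568, which deprecates SSL 3 only; SSL 2 is prohibited by RFC 6176, so `// Disable deprecated protocols (see RFC 6176 and RFC 7568)` would match what the line does. transport_tls_init_ctx starts before the hunk and continues after it.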