From e86dc2fbcd96482e997ff0fc8ffef203277a29ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?=
Date: Sun, 12 Jul 2015 22:10:13 +0200
Subject: Disable SSL 2 and 3
---
 kike.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'kike.c')
diff --git a/kike.c b/kike.c
index 6bdba55..fafa38d 100644
--- a/kike.c
+++ b/kike.c
@@ -3507,6 +3507,9 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 	SSL_CTX_set_mode (ctx->ssl_ctx,
 		SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
 
+	// Disable deprecated protocols (see RFC 7568)
+	SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
 	// XXX: perhaps we should read the files ourselves for better messages
 	const char *ciphers = str_map_find (&ctx->config, "ssl_ciphers");
 	if (!SSL_CTX_set_cipher_list (ctx->ssl_ctx, ciphers))
-- 
cgit v1.2.3
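Review bot: The added `SSL_CTX_set_options` call excludes versions one at a time, so the lowest protocol this listener accepts is still whatever else the linked OpenSSL enables (presumably TLS 1.0 upward), and the comment cites only RFC 7568, which covers SSL 3.0, while SSL 2.0 is prohibited by RFC 6176. I would make the comment `// Disable SSL 2.0 (RFC 6176) and SSL 3.0 (RFC 7568); TLS 1.0 and later stay enabled` so the remaining floor is explicit to whoever next touches this. Where the build can require OpenSSL 1.1.0 or later, `SSL_CTX_set_min_proto_version (ctx->ssl_ctx, TLS1_2_VERSION);` states the floor directly instead of growing the exclusion mask each time a version is retired. irc_initialize_ssl_ctx begins and ends outside the hunk, so how the context is created and which method it negotiates with cannot be confirmed from here.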