From e86dc2fbcd96482e997ff0fc8ffef203277a29ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?=
Date: Sun, 12 Jul 2015 22:10:13 +0200
Subject: Disable SSL 2 and 3
---
zyklonb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'zyklonb.c')
diff --git a/zyklonb.c b/zyklonb.c
index 88bbc87..35eac17 100644
--- a/zyklonb.c
+++ b/zyklonb.c
@@ -316,7 +316,8 @@ irc_get_boolean_from_config
static bool
irc_initialize_ssl_ctx (struct bot_context *ctx, struct error **e)
{
- // XXX: maybe we should call SSL_CTX_set_options() for some workarounds
+ // Disable deprecated protocols (see RFC 7568)
+ SSL_CTX_set_options (ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
bool verify;
if (!irc_get_boolean_from_config (ctx, "ssl_verify", &verify, e))
--
cgit v1.2.3