author | 2014-10-15 14:11:47 +0000 | |
---|---|---|
committer | 2014-10-15 14:11:47 +0000 | |
commit | f573e7536ae3c18a77571703035cc3f8e788f982 (patch) | |
tree | 2191f0a990cf753be744f74ae31632eb333a6537 | |
parent | Set SSL_OP_SINGLE_ECDH_USE before calling SSL_CTX_set_tmp_ecdh() - this (diff) | |
Clear protocol options before optionally setting them.
-rw-r--r-- | lib/libressl/ressl.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libressl/ressl.c b/lib/libressl/ressl.c
index b85fe044155..b500c830639 100644
--- a/lib/libressl/ressl.c
+++ b/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.17 2014/10/15 14:11:47 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -173,6 +173,11 @@ ressl_configure_ssl(struct ressl *ctx)
 {
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
 
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
+
 if ((ctx->config->protocols & RESSL_PROTOCOL_SSLv3) == 0)
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
 if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_0) == 0) |
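Review bot: The four `SSL_CTX_clear_options()` calls added ahead of the `RESSL_PROTOCOL_SSLv3` test make `ctx->config->protocols` the only thing that decides which protocol versions are enabled, so any `SSL_OP_NO_SSLv3` already present on the context is discarded, and nothing in the hunk records that. A comment above the calls such as `/* Reset protocol options; config->protocols alone decides which versions stay enabled. */` would state the intent. The default value of `config->protocols` is not visible here, so it is worth confirming that it leaves `RESSL_PROTOCOL_SSLv3` unset. Since the options are a bitmask, the calls could also be folded into one: `SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);`. The body of ressl_configure_ssl continues past the end of the hunk.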