authordequis <dx@dxzone.com.ar>2016-09-29 14:53:41 -0300
committerdequis <dx@dxzone.com.ar>2016-09-29 14:53:41 -0300
commit82e55d202f8152c25b8daa48d1960eede3eee312 (patch)
tree304e9f3722498d9bebdcd9307626f09dae5d1e92
parentff468a7ad739bbde90000de3f9019833eba89012 (diff)
ssl_openssl: Allow TLS versions newer than 1.0
Another victim of SSLv23_client_method's terrible name. At least we weren't forcing ssl 3.0. Thanks kl3 for pointing this out. Despite what this commit might suggest, using openssl is not recommended at all. Potential GPL incompatibility aside, that module doesn't have certificate verification code. Don't use it unless you have a good reason to do so.
-rw-r--r--lib/ssl_openssl.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl_openssl.c b/lib/ssl_openssl.c
index 38ce0598..2f668da2 100644
--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -66,8 +66,9 @@ void ssl_init(void)
SSL_library_init();
- meth = TLSv1_client_method();
+ meth = SSLv23_client_method();
ssl_ctx = SSL_CTX_new(meth);
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
initialized = TRUE;
}
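Review bot: The added `SSL_CTX_set_options(ssl_ctx, ...)` call uses `ssl_ctx` without checking that `SSL_CTX_new(meth)` succeeded. If context creation fails it returns NULL, the option call would then operate on a null context, and `initialized = TRUE` is set regardless. Consider `if (ssl_ctx == NULL) return;` directly after `SSL_CTX_new`, provided callers cope with `initialized` staying false; the body of ssl_init starts outside the hunk, so that is not visible here. A one-line comment above the method selection would also spare the next reader the naming trap, e.g. `/* SSLv23_client_method negotiates the highest shared version; SSLv2/SSLv3 are disabled via options below */`.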