authorAttila Molnar <attilamolnar@hush.com>2014-10-10 14:10:24 +0200
committerAttila Molnar <attilamolnar@hush.com>2014-10-10 14:10:24 +0200
commit9179e51e513587cddd4c4171f0ad74c8f5bf052e (patch)
tree5f1780928fb8d02e75b81e9fb13af39febf06379
parent21f99f133e635d19b3a719467bd700a494111cc4 (diff)
m_ssl_openssl Enable single (EC)DH use and disable SSL v2
Options enabled: - SSL_OP_NO_SSLv2 - SSL_OP_SINGLE_DH_USE - SSL_OP_SINGLE_ECDH_USE (if it exists) Partial backport of #856 by @jvehent
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 0398a33c7..081b0153e 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -130,6 +130,15 @@ class ModuleSSLOpenSSL : public Module
const unsigned char session_id[] = "inspircd";
SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1);
+
+ long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE;
+ // Only turn options on if they exist
+#ifdef SSL_OP_SINGLE_ECDH_USE
+ opts |= SSL_OP_SINGLE_ECDH_USE;
+#endif
+
+ SSL_CTX_set_options(ctx, opts);
+ SSL_CTX_set_options(clictx, opts);
}
void init()
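Review bot: SSLv3 remains negotiable on both `ctx` and `clictx`, because the new `opts` mask only turns off SSLv2. SSLv3 is a legacy protocol with known CBC-padding weaknesses, so I would extend the first added line to `long opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE;`, or put it behind a config switch if old clients still need it. TLS-level compression is also left on; it can be disabled with the same guard pattern already used for ECDH, `#ifdef SSL_OP_NO_COMPRESSION` / `opts |= SSL_OP_NO_COMPRESSION;` / `#endif`. The comment `// Only turn options on if they exist` would read better directly above the `#ifdef`, noting that older OpenSSL headers do not define these macros. The enclosing function starts outside the hunk, so I cannot tell whether either context already has options set elsewhere.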