author | Attila Molnar <attilamolnar@hush.com> | 2014-10-10 14:10:24 +0200 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2014-10-10 14:10:24 +0200 |
commit | 9179e51e513587cddd4c4171f0ad74c8f5bf052e (patch) | |
tree | 5f1780928fb8d02e75b81e9fb13af39febf06379 /src/modules/extra | |
parent | 21f99f133e635d19b3a719467bd700a494111cc4 (diff) |
m_ssl_openssl Enable single (EC)DH use and disable SSL v2
Options enabled:
- SSL_OP_NO_SSLv2
- SSL_OP_SINGLE_DH_USE
- SSL_OP_SINGLE_ECDH_USE (if it exists)
Partial backport of #856 by @jvehent
Diffstat (limited to 'src/modules/extra')
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 0398a33c7..081b0153e 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -130,6 +130,15 @@ class ModuleSSLOpenSSL : public Module
 const unsigned char session_id[] = "inspircd";
 SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1);
+
+ long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE;
+ // Only turn options on if they exist
+#ifdef SSL_OP_SINGLE_ECDH_USE
+ opts |= SSL_OP_SINGLE_ECDH_USE;
+#endif
+
+ SSL_CTX_set_options(ctx, opts);
+ SSL_CTX_set_options(clictx, opts);
 }
 void init() |
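Review bot: SSLv3 stays negotiable on both `ctx` and `clictx`, because `opts` starts from `SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE` and nothing else in the hunk restricts the protocol version. If no supported client or linked server needs SSLv3, start from `long opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE;`, and consider adding `SSL_OP_NO_COMPRESSION` under its own `#ifdef`, the same way `SSL_OP_SINGLE_ECDH_USE` is guarded, since TLS-level compression leaks information about plaintext length. The comment `// Only turn options on if they exist` sits above the `#ifdef` but reads as covering the unconditional flags too; rewording it to name the guarded option would avoid that. The enclosing function begins above the hunk, so whether a cipher list or other protocol restriction is applied earlier is not visible here.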