summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp17
1 files changed, 16 insertions, 1 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 3ebc8e4d9..4937e7cb0 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -336,14 +336,29 @@ namespace OpenSSL
{
long setoptions = tag->getInt(ctxname + "setoptions", 0);
long clearoptions = tag->getInt(ctxname + "clearoptions", 0);
+
#ifdef SSL_OP_NO_COMPRESSION
- if (!tag->getBool("compression", false)) // Disable compression by default
+ // Disable compression by default
+ if (!tag->getBool("compression", false))
setoptions |= SSL_OP_NO_COMPRESSION;
#endif
+
// Disable TLSv1.0 by default.
if (!tag->getBool("tlsv1", false))
setoptions |= SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_TLSv1_1
+ // Enable TLSv1.1 by default.
+ if (!tag->getBool("tlsv11", true))
+ setoptions |= SSL_OP_NO_TLSv1_1;
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_2
+ // Enable TLSv1.2 by default.
+ if (!tag->getBool("tlsv12", true))
+ setoptions |= SSL_OP_NO_TLSv1_2;
+#endif
+
if (!setoptions && !clearoptions)
return; // Nothing to do
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-04 11:38:45 +0000