3party/mongoose
0
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2025-01-15 18:34:41 +08:00
Code Issues Projects Releases Wiki Activity

Disable insecure and deprectaed SSL protocols

Browse Source 
Also allow disabling conmpression and forcing server cipher list.

PUBLISHED_FROM=5539deec9c2382ba34597872dd7f3a5abc0cc311
This commit is contained in:
Deomid Ryabkov 2017-07-05 17:53:29 +01:00 committed by Cesanta Bot
parent 2a2bc33a89
commit 4c37e49274
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
mongoose.c
View File

@ -4198,6 +4198,21 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
return MG_SSL_ERROR;
}
#ifndef KR_VERSION
/* Disable deprecated protocols. */
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
#ifdef MG_SSL_OPENSSL_NO_COMPRESSION
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif
#ifdef MG_SSL_OPENSSL_CIPHER_SERVER_PREFERENCE
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
#else
/* Krypton only supports TLSv1.2 anyway. */
#endif
if (params->cert != NULL &&
mg_use_cert(ctx->ssl_ctx, params->cert, params->key, err_msg) !=
MG_SSL_OK) {