profile->ssl_ready = 1;
assert(profile->ssl_ctx);
+ /* Disable SSLv2 */
+ SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_SSLv2);
+ /* Disable SSLv3 */
+ SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_SSLv3);
+ /* Disable TLSv1 */
+ SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_TLSv1);
+ /* Disable TLSv1_1 */
+ SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_TLSv1_1);
+ /* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
+ SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_COMPRESSION);
+
/* set the local certificate from CertFile */
if (!zstr(profile->chain)) {
SSL_CTX_use_certificate_chain_file(profile->ssl_ctx, profile->chain);
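Review bot: The added `SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_TLSv1);` only leaves a usable protocol if `profile->ssl_ctx` was created with a version-flexible method. Its creation is not visible in this hunk, so confirm it is not still built from a fixed `TLSv1_*_method()`, in which case every handshake would fail. `SSL_OP_NO_TLSv1_1` is defined only by OpenSSL 1.0.1 and later, so builds against older libraries need `#ifdef SSL_OP_NO_TLSv1_1` around that line. The option mask is cumulative, so the five calls can be one call with the flags OR-ed together and a single comment stating the result (TLS 1.2 minimum, compression off because of CRIME); the same applies to the second block of added calls further down. The enclosing function starts and ends outside the hunk.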
OpenSSL_add_all_algorithms(); /* load & register cryptos */
SSL_load_error_strings(); /* load all error messages */
- ws_globals.ssl_method = TLSv1_server_method(); /* create server instance */
+ ws_globals.ssl_method = SSLv23_server_method(); /* create server instance */
ws_globals.ssl_ctx = SSL_CTX_new(ws_globals.ssl_method); /* create context */
assert(ws_globals.ssl_ctx);
-
+
+ /* Disable SSLv2 */
+ SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv2);
+ /* Disable SSLv3 */
+ SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv3);
+ /* Disable TLSv1 */
+ SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1);
+ /* Disable TLSv1_1 */
+ SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1_1);
+ /* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
+ SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_COMPRESSION);
/* set the local certificate from CertFile */
SSL_CTX_use_certificate_file(ws_globals.ssl_ctx, ws_globals.cert, SSL_FILETYPE_PEM);
/* set the private key from KeyFile */
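Review bot: The added option calls are applied to `globals.ssl_ctx`, while the context created just above them and used for the certificate below is `ws_globals.ssl_ctx`. The method is now `SSLv23_server_method()`, which negotiates every protocol version the library was built with, so if the options land on a different context the new one still accepts SSLv2/SSLv3/TLS 1.0/1.1 and compression. If no `globals` symbol exists in this file (not visible here), the build breaks instead. Each call should target the new context, e.g. `SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_SSLv2);`, or be folded into one call with the five flags OR-ed together. The enclosing function starts and ends outside the hunk.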