From a547f8d3f3dc614c750c5786823f96d9fe964962 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Thu, 6 Feb 2020 08:17:14 -0500
Subject: [PATCH] Update ldns-dane example to use OpenSSL context options

---
 examples/ldns-dane.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index d0898249..4c31fd8f 100644
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -1703,6 +1703,20 @@ main(int argc, char* const* argv)
 	if (ctx && SSL_CTX_dane_enable(ctx) <= 0) {
 		ssl_err("could not SSL_CTX_dane_enable");
 	}
+
+	/* Use TLSv1.0 or above for connection. */
+	long flags = 0;
+# ifdef SSL_OP_NO_SSLv2
+	flags |= SSL_OP_NO_SSLv2;
+# endif
+# ifdef SSL_OP_NO_SSLv3
+	flags |= SSL_OP_NO_SSLv3;
+# endif
+# ifdef SSL_OP_NO_COMPRESSION
+	flags |= SSL_OP_NO_COMPRESSION;
+# endif
+	SSL_CTX_set_options(ctx, flags);
+
 	if (CAfile || CApath) {
 		if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
 			ssl_err("could not set verify locations\n");
-- 
2.47.3