authorJoel Sing <jsing@cvs.openbsd.org>2014-10-15 14:11:48 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-10-15 14:11:48 +0000
commit2528539e462d8a5a072b61f6ceeac0dafc89bb44 (patch)
treed47f63d18e1577d05a2e37222af1d8d2da1560aa
parentc67f80e7c0d909fbcc18da1ba59af92e156c5fbd (diff)
Clear protocol options before optionally setting them.
-rw-r--r--lib/libressl/ressl.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libressl/ressl.c b/lib/libressl/ressl.c
index b85fe044155..b500c830639 100644
--- a/lib/libressl/ressl.c
+++ b/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.17 2014/10/15 14:11:47 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -173,6 +173,11 @@ ressl_configure_ssl(struct ressl *ctx)
{
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
+
if ((ctx->config->protocols & RESSL_PROTOCOL_SSLv3) == 0)
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_0) == 0)
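Review bot: The four added `SSL_CTX_clear_options()` calls have no comment saying that they make `ctx->config->protocols` the sole authority over which protocol versions are enabled. As a consequence, any `SSL_OP_NO_*` bit already set on the context (for example by a library default that turns SSLv3 off) is dropped whenever the config requests that protocol. I would add `/* Reset the protocol bits so config->protocols alone decides; this overrides any SSL_OP_NO_* default already on the context. */` above them and fold the calls into one, `SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);`, since the argument is a bitmask. Whether the default value of `config->protocols` leaves SSLv3 out is not visible in this hunk and is worth confirming alongside the change. The body of `ressl_configure_ssl` continues past the end of the hunk.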