diff --git a/src/common/ssl.c b/src/common/ssl.c index cfa9b6cf..e929a1aa 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -37,6 +37,11 @@ #include #include "util.h" +/* If openssl was built without ec */ +#ifndef SSL_OP_SINGLE_ECDH_USE +#define SSL_OP_SINGLE_ECDH_USE 0 +#endif + /* globals */ static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */ static char err_buf[256]; /* generic error buffer */ @@ -82,6 +87,11 @@ _SSL_context_init (void (*info_cb_func), int server) SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_timeout (ctx, 300); + SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 + |SSL_OP_NO_COMPRESSION + |SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE + |SSL_OP_NO_TICKET + |SSL_OP_CIPHER_SERVER_PREFERENCE); /* used in SSL_connect(), SSL_accept() */ SSL_CTX_set_info_callback (ctx, info_cb_func);