inspircd

A modular C++ IRC daemon (ircd). https://www.inspircd.org/

commit df9ca5115b64bc5b7888dee3123d0bf6527c496d
parent dbcad43824c1e0a89b2d46faddd3d301c2b06493
Author: Peter Powell <petpow@saberuk.com>
Date:   Mon, 10 Jun 2019 11:33:55 +0100

Add a way to disable older SSL versions with ssl_openssl.

Diffstat:
Msrc/modules/extra/m_ssl_openssl.cpp | 17++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp @@ -336,14 +336,29 @@ namespace OpenSSL { long setoptions = tag->getInt(ctxname + "setoptions", 0); long clearoptions = tag->getInt(ctxname + "clearoptions", 0); + #ifdef SSL_OP_NO_COMPRESSION - if (!tag->getBool("compression", false)) // Disable compression by default + // Disable compression by default + if (!tag->getBool("compression", false)) setoptions |= SSL_OP_NO_COMPRESSION; #endif + // Disable TLSv1.0 by default. if (!tag->getBool("tlsv1", false)) setoptions |= SSL_OP_NO_TLSv1; +#ifdef SSL_OP_NO_TLSv1_1 + // Enable TLSv1.1 by default. + if (!tag->getBool("tlsv11", true)) + setoptions |= SSL_OP_NO_TLSv1_1; +#endif + +#ifdef SSL_OP_NO_TLSv1_2 + // Enable TLSv1.2 by default. + if (!tag->getBool("tlsv12", true)) + setoptions |= SSL_OP_NO_TLSv1_2; +#endif + if (!setoptions && !clearoptions) return; // Nothing to do
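Review bot: The `tlsv1`, `tlsv11` and `tlsv12` switches are read independently, and nothing in the hunk rejects a profile that leaves a gap in the version range (for example `tlsv1` on with `tlsv11` off) or one that turns every version off. OpenSSL's documentation advises against holes in the enabled protocol set, and on a library build without TLSv1.3 the all-off case would presumably show up only as failed handshakes rather than as a configuration error at load time. I would read the three values once into locals and fail the profile when `tag->getBool("tlsv1", false) && !tag->getBool("tlsv11", true)` holds, or when all three are off and no newer version is available. The new `tlsv11`/`tlsv12` keys also need an entry in the example configuration, which the one-file diffstat suggests this commit does not touch. The enclosing function starts before the hunk and continues after it.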