|
Line 0
Link Here
|
|
|
1 |
diff -urN ftimes-3.11.0.old/src/ssl.c ftimes-3.11.0.new/src/ssl.c |
| 2 |
--- src/ssl.c 2014-07-18 02:40:44.000000000 -0400 |
| 3 |
+++ src/ssl.c 2016-01-13 11:13:51.513075930 -0500 |
| 4 |
@@ -251,7 +251,7 @@ |
| 5 |
* |
| 6 |
********************************************************************* |
| 7 |
*/ |
| 8 |
- psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method()); |
| 9 |
+ psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method()); |
| 10 |
if (psProperties->psslCTX == NULL) |
| 11 |
{ |
| 12 |
ERR_error_string(ERR_get_error(), acLocalError); |
| 13 |
@@ -262,6 +262,24 @@ |
| 14 |
/*- |
| 15 |
********************************************************************* |
| 16 |
* |
| 17 |
+ * Disable protocol versions that are no longer safe to use. |
| 18 |
+ * |
| 19 |
+ ********************************************************************* |
| 20 |
+ */ |
| 21 |
+ SSL_CTX_set_options |
| 22 |
+ ( |
| 23 |
+ psProperties->psslCTX, |
| 24 |
+ ( |
| 25 |
+ SSL_OP_NO_SSLv2 |
| 26 |
+ | SSL_OP_NO_SSLv3 |
| 27 |
+ | SSL_OP_NO_TLSv1 |
| 28 |
+ | SSL_OP_NO_TLSv1_1 |
| 29 |
+ ) |
| 30 |
+ ); |
| 31 |
+ |
| 32 |
+ /*- |
| 33 |
+ ********************************************************************* |
| 34 |
+ * |
| 35 |
* Setup SSL certificate verification. Load the bundled certificate |
| 36 |
* authorities file. A common name (CN) and a positive chain length |
| 37 |
* must be specified to activate PEER verification. If you want to |