Merge pull request #99 from C4K3/show-addresses-option
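--- a/src/ssli_openssl.c
+++ b/src/ssli_openssl.c
@@ -49,6 +49,8 @@ static RSA *rsa;
 static SSL_CTX *context;
 static EVP_PKEY *pkey;
+static char const * ciphers = "EECDH+AESGCM:AES256-SHA:AES128-SHA";
+
 static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
 static int SSL_add_ext(X509 * crt, int nid, char *value) {
@@ -221,12 +223,20 @@ void SSLi_init(void)
 ERR_load_crypto_strings();
 context = SSL_CTX_new(SSLv23_server_method());
+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv3);
 if (context == NULL)
 {
 ERR_print_errors_fp(stderr);
 abort();
 }
+ SSL_CTX_set_cipher_list(context, ciphers);
+
+ EC_KEY *ecdhkey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ SSL_CTX_set_tmp_ecdh(context, ecdhkey);
+ EC_KEY_free(ecdhkey);
+
 char const * sslCAPath = getStrConf(CAPATH);
 if(sslCAPath != NULL)
 {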
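Review bot: In the second hunk (SSLi_init) the two added `SSL_CTX_set_options` calls run before the existing `if (context == NULL)` check, so a failed `SSL_CTX_new` would hand a NULL context to OpenSSL instead of reaching the error path; move them below the check, e.g. `SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The return values of `SSL_CTX_set_cipher_list`, `EC_KEY_new_by_curve_name` and `SSL_CTX_set_tmp_ecdh` are also ignored, so a failure there would presumably leave the server running without the intended cipher restriction, or without ECDHE and therefore only the non-forward-secret `AES256-SHA`/`AES128-SHA` entries. Treat each like the context failure, e.g. `if (SSL_CTX_set_cipher_list(context, ciphers) != 1) { ERR_print_errors_fp(stderr); abort(); }`. `SSL_OP_CIPHER_SERVER_PREFERENCE` is not set in the visible lines, so the client's ordering would decide among these suites; consider adding it so the `EECDH+AESGCM` entry is actually preferred. SSLi_init's body starts and ends outside the hunk.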