mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-22 09:29:52 +03:00
Run SSL_CTX_set_ssl_version earlier
SSL_CTX_set_ssl_version may change security level.
This commit is contained in:
parent
7fdacec2a6
commit
c029b34b80
@ -16812,6 +16812,20 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
|
||||
{
|
||||
struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
|
||||
|
||||
// It resets some parameters.
|
||||
if (server_mode)
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
|
||||
}
|
||||
|
||||
#ifdef SSL_OP_NO_SSLv3
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
|
||||
#endif // SSL_OP_NO_SSLv3
|
||||
|
||||
#ifdef SSL_OP_NO_TICKET
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
|
||||
#endif // SSL_OP_NO_TICKET
|
||||
@ -16829,19 +16843,6 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
|
||||
SSL_CTX_set_ecdh_auto(ctx, 1);
|
||||
#endif // SSL_CTX_set_ecdh_auto
|
||||
|
||||
if (server_mode)
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
|
||||
}
|
||||
|
||||
#ifdef SSL_OP_NO_SSLv3
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
|
||||
#endif // SSL_OP_NO_SSLv3
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user