mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 09:29:52 +03:00

Run SSL_CTX_set_ssl_version earlier

SSL_CTX_set_ssl_version may change security level.
Takuho NAKANO 2020-05-20 11:59:36 +09:00 committed by Davide Beatrici
parent 7fdacec2a6
commit c029b34b80


@ -16812,6 +16812,20 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
{
struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
// It resets some parameters.
if (server_mode)
{
SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
}
else
{
SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
}
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
#endif // SSL_OP_NO_TICKET
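Review bot: The hardening options set below the moved block (SSL_OP_NO_SSLv3, SSL_OP_NO_TICKET) now depend on nobody ever adding configuration above the SSL_CTX_set_ssl_version call, and the comment `// It resets some parameters.` does not tell a maintainer that. If the call stays, I would make the constraint explicit, e.g. `// Must stay first: SSL_CTX_set_ssl_version re-initializes the context, so settings (including the security level) applied before it may be lost.` The ordering hazard could likely be removed altogether by passing the role-specific method at creation, `struct ssl_ctx_st *ctx = SSL_CTX_new(server_mode ? SSLv23_server_method() : SSLv23_client_method());`, which makes the second call unnecessary. Separately, ctx is passed on without a NULL check after SSL_CTX_new, and the return value of SSL_CTX_set_ssl_version is ignored, so a failure there would go unnoticed. NewSSLCtx's body continues past the end of this hunk.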
@ -16829,19 +16843,6 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
SSL_CTX_set_ecdh_auto(ctx, 1);
#endif // SSL_CTX_set_ecdh_auto
if (server_mode)
{
SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
}
else
{
SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
}
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
return ctx;
}