From c029b34b806b4fa05319e86c599b36cf63c3d707 Mon Sep 17 00:00:00 2001
From: Takuho NAKANO
Date: Wed, 20 May 2020 11:59:36 +0900
Subject: [PATCH] Run SSL_CTX_set_ssl_version earlier

SSL_CTX_set_ssl_version may change security level.
---
 src/Mayaqua/Network.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index 9a0834d3..ed1e1c9a 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@@ -16812,6 +16812,20 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
 {
 struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
 
+ // It resets some parameters.
+ if (server_mode)
+ {
+ SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
+ }
+ else
+ {
+ SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
+ }
+
+#ifdef SSL_OP_NO_SSLv3
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
+#endif // SSL_OP_NO_SSLv3
+
 #ifdef SSL_OP_NO_TICKET
 SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
 #endif // SSL_OP_NO_TICKET
@@ -16829,19 +16843,6 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
 SSL_CTX_set_ecdh_auto(ctx, 1);
 #endif // SSL_CTX_set_ecdh_auto
 
- if (server_mode)
- {
- SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
- }
- else
- {
- SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
- }
-
-#ifdef SSL_OP_NO_SSLv3
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
-#endif // SSL_OP_NO_SSLv3
-
 return ctx;
 }
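Review bot: The new comment `// It resets some parameters.` at the top of the first hunk does not say which call resets what, so the ordering this commit depends on is easy to break again. Something like `// SSL_CTX_set_ssl_version() may reset settings such as the security level, so call it before any other SSL_CTX_set_*() configuration` would record the constraint. The result of `SSL_CTX_new` is also passed on without a NULL check, and the return value of `SSL_CTX_set_ssl_version` (0 on failure) is ignored, so a failed call would go unnoticed while the later option calls still run. Passing the mode-specific method directly, `SSL_CTX_new(server_mode ? SSLv23_server_method() : SSLv23_client_method())`, would likely remove the need for the reset altogether. The part of NewSSLCtx between the two hunks is not visible here, so this should be checked against the full function.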