AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00
Code Releases Activity

Run SSL_CTX_set_ssl_version earlier

Browse Source 
SSL_CTX_set_ssl_version may change security level.
This commit is contained in:
Takuho NAKANO 2020-05-20 11:59:36 +09:00 committed by Davide Beatrici
parent 7fdacec2a6
commit c029b34b80
1 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/Mayaqua/Network.c
View File

@ -16812,6 +16812,20 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
{ {
struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method()); struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());
// It resets some parameters.
if (server_mode)
{
SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
}
else
{
SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
}
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
#ifdef SSL_OP_NO_TICKET #ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
#endif // SSL_OP_NO_TICKET #endif // SSL_OP_NO_TICKET
@ -16829,19 +16843,6 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
SSL_CTX_set_ecdh_auto(ctx, 1); SSL_CTX_set_ecdh_auto(ctx, 1);
#endif // SSL_CTX_set_ecdh_auto #endif // SSL_CTX_set_ecdh_auto
if (server_mode)
{
SSL_CTX_set_ssl_version(ctx, SSLv23_server_method());
}
else
{
SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
}
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
return ctx; return ctx;
} }