authorAndreas Kotes <count@flatline.de>2014-04-15 13:06:58 +0200
committerAndreas Kotes <count@flatline.de>2014-04-15 13:06:58 +0200
commit962f887a64422c8e0a7f12131d8401211ef8cd74 (patch)
tree5e3e7a0dc460d63ed4f554b54abdedd92fd2bdaa /vchat-ssl.c
parent19375e6c61bfe3bf643786b0e7318c528e4b22a0 (diff)
allow the use of TLSv1 / TLSv1_1 again
Diffstat (limited to 'vchat-ssl.c')
-rwxr-xr-xvchat-ssl.c8
1 files changed, 4 insertions, 4 deletions
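diff --git a/vchat-ssl.c b/vchat-ssl.c
index 2b41432..0333aee 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -61,8 +61,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 X509_STORE *store = NULL;
 vc_x509verify_cb_t verify_callback = NULL;
 
-/* Explicitly use TLSv1_2 (or maybe later) */
-if( !(ctx = SSL_CTX_new(TLSv1_2_client_method())) )
+/* Explicitly use TLSv1 (or maybe later) */
+if( !(ctx = SSL_CTX_new(TLSv1_client_method())) )
 VC_CTX_ERR_EXIT(store, ctx);
 
 if( !(store = vc_x509store_create(vc_store)) )
@@ -70,8 +70,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 
 SSL_CTX_set_cert_store(ctx, store);
 store = NULL;
-/* Disable A LOT of insecure protocols explicitly */
-SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1);
+/* Disable some insecure protocols explicitly */
+SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
 
 SSL_CTX_set_verify_depth (ctx, 2);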
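Review bot: `TLSv1_client_method()` on new line 65 is a fixed-version method, so the context negotiates TLS 1.0 only and can no longer reach TLS 1.1 or 1.2; the "(or maybe later)" comment above it and the commit title do not match what the call does. To accept TLS 1.0 and anything newer, use the version-flexible method and let the option mask set the floor: `if( !(ctx = SSL_CTX_new(SSLv23_client_method())) )`, which together with `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` on line 74 negotiates the highest version both peers support. As written, those two `SSL_OP_NO_*` flags have no effect, because a TLS 1.0-only method never offers SSLv2 or SSLv3. The body of vc_create_sslctx starts before and continues after the hunks shown.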