@@ -16,6 +16,9 @@
#include "ds.h"
int openSslLoaded = 0;
+char *availableCiphers = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:"
+ "+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:"
+ "!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA";
void *clear(void *ptr){
int e = errno;
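Review bot: `availableCiphers` is introduced as a non-static, mutable `char *` to a string literal; nothing in the hunk writes to it, so `static const char availableCiphers[] = "EDH+CAMELLIA:..."` would keep the symbol file-local and make any accidental write a compile error rather than undefined behaviour on a literal. The list also deserves a short comment on its intent: the trailing `CAMELLIA128-SHA:AES128-SHA` entries are static-RSA suites, so a peer that offers only those negotiates a connection without forward secrecy, and if that is a deliberate compatibility choice it should be stated next to the string. I would add `/* Explicit cipher preference list; the last two suites have no forward secrecy and exist only for legacy clients — review before widening. */` above the definition.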
@@ -227,9 +230,9 @@ tlsDs startSockTls(ds d, const char *cert, const char *key, const char *dh){
loadOpenSSL(dh);
SSL_CTX * ctx = NULL;
if(d->server)
- ctx = SSL_CTX_new(TLSv1_server_method());
+ ctx = SSL_CTX_new(TLSv1_1_server_method());
else
- ctx = SSL_CTX_new(TLSv1_client_method());
+ ctx = SSL_CTX_new(TLSv1_1_client_method());
if(!ctx)
return NULL;
if(d->server){
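Review bot: Switching from `TLSv1_server_method()` to `TLSv1_1_server_method()` (and the client counterpart) still pins the context to exactly one protocol version, so peers that only speak TLS 1.2 or newer cannot connect at all, and TLS 1.1 itself is deprecated by RFC 8996. The version-specific method functions are also deprecated in OpenSSL 1.1.0 and later in favour of the version-flexible methods plus an explicit floor: `ctx = SSL_CTX_new(TLS_server_method());` / `ctx = SSL_CTX_new(TLS_client_method());` followed by `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` once `ctx` is known to be non-NULL. If the build must support an older OpenSSL without those names, `SSLv23_*_method()` with `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1)` gives the same floor. The body of `startSockTls` continues outside this hunk.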
@@ -256,6 +259,11 @@ tlsDs startSockTls(ds d, const char *cert, const char *key, const char *dh){
closeFd(f);
return clear(ctx);
}
+ if(SSL_CTX_set_cipher_list(ctx, availableCiphers) <= 0){
+ int f = prepareToClose(d);
+ closeFd(f);
+ return clear(ctx);
+ }
tlsDs t = (tlsDs)malloc(sizeof(s_tlsDs));
t->original = d;
if(!(t->s = SSL_new(ctx))){
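Review bot: The new failure branch after `SSL_CTX_set_cipher_list` is a verbatim copy of the `prepareToClose` / `closeFd` / `clear(ctx)` sequence that ends the block just above it, and the `SSL_new` failure path on the last line presumably repeats it a third time; this function would be clearer with a single `fail:` cleanup label at the end and `if(SSL_CTX_set_cipher_list(ctx, availableCiphers) != 1) goto fail;` here (`SSL_CTX_set_cipher_list` returns 1 on success, 0 when no listed cipher could be selected, so `!= 1` is the documented check). On the new side, `t = (tlsDs)malloc(...)` is dereferenced on the next line without a NULL check, so an allocation failure is a crash rather than the orderly teardown the new branch provides; the same cleanup label would cover `if(!t) goto fail;`. A one-line comment such as `/* Restrict the context to availableCiphers; an empty resulting list is a hard failure. */` above the new `if` would explain why this is treated as fatal. `startSockTls` continues outside this hunk.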