kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 81bc889abc5b80ccda257e3cb17e5a56ba34e2b7
parent 9bb7001813cca94bd925d2f092bbc10e4a9a9fff
Author: Joris Vink <joris@coders.se>
Date:   Wed, 22 Oct 2014 08:36:50 +0200

Make ktunnel example tls1.2 only

Diffstat:
examples/ktunnel/client/client.c | 8++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/examples/ktunnel/client/client.c b/examples/ktunnel/client/client.c @@ -352,7 +352,6 @@ ktunnel_connect(struct peer *peer, struct addrinfo *ai) /* * XXX - * - Make this TLSv1.2 only * - Add our client certs * - Verify server cert properly * - ... @@ -360,10 +359,15 @@ ktunnel_connect(struct peer *peer, struct addrinfo *ai) SSL_library_init(); SSL_load_error_strings(); - if ((peer->ssl_ctx = SSL_CTX_new(SSLv3_method())) == NULL) + if ((peer->ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) fatal("SSL_CTX_new(): %s", ssl_errno_s); SSL_CTX_set_mode(peer->ssl_ctx, SSL_MODE_AUTO_RETRY); + SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_SSLv3); + SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_TLSv1); + SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_TLSv1_1); + if ((peer->ssl = SSL_new(peer->ssl_ctx)) == NULL) fatal("SSL_new(): %s", ssl_errno_s); if (!SSL_set_fd(peer->ssl, peer->fd))