[glib-networking: 50/129] Disable SSLv2 and SSLv3



commit 68d1bbaaf1fb183f5390d64f517ef657c98c7655
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Wed Sep 27 16:02:13 2017 +0200

    Disable SSLv2 and SSLv3
    
    It is not secure enough

 tls/openssl/gtlsserverconnection-openssl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index e9add65..ee5e8db 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -230,9 +230,11 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
       return FALSE;
     }
 
-  options = SSL_OP_NO_TICKET;
+  options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_SSLv2 |
+            SSL_OP_NO_SSLv3;
 
-  /* Only TLS 1.2 or higher */
+  /* Only TLS 1.0 or higher */
   SSL_CTX_set_options (priv->ssl_ctx, options);
 
   cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]