[glib-networking: 50/129] Disable SSLv2 and SSLv3
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking: 50/129] Disable SSLv2 and SSLv3
- Date: Sat, 2 Feb 2019 22:47:35 +0000 (UTC)
commit 68d1bbaaf1fb183f5390d64f517ef657c98c7655
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date: Wed Sep 27 16:02:13 2017 +0200
Disable SSLv2 and SSLv3
It is not secure enough
tls/openssl/gtlsserverconnection-openssl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index e9add65..ee5e8db 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -230,9 +230,11 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
return FALSE;
}
- options = SSL_OP_NO_TICKET;
+ options = SSL_OP_NO_TICKET |
+ SSL_OP_NO_SSLv2 |
+ SSL_OP_NO_SSLv3;
- /* Only TLS 1.2 or higher */
+ /* Only TLS 1.0 or higher */
SSL_CTX_set_options (priv->ssl_ctx, options);
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]