ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/trunk/src/ircd.c
(Generate patch)

Comparing ircd-hybrid/trunk/src/ircd.c (file contents):
Revision 4133 by michael, Tue Jul 1 21:43:15 2014 UTC vs.
Revision 4161 by michael, Thu Jul 3 18:25:53 2014 UTC

# Line 434 | Line 434 | ssl_init(void)
434    }
435  
436    SSL_CTX_set_options(ServerInfo.server_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
437 <  SSL_CTX_set_options(ServerInfo.server_ctx, SSL_OP_TLS_ROLLBACK_BUG);
437 >  SSL_CTX_set_options(ServerInfo.server_ctx, SSL_OP_SINGLE_DH_USE);
438    SSL_CTX_set_verify(ServerInfo.server_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
439                       always_accept_verify_cb);
440    SSL_CTX_set_session_id_context(ServerInfo.server_ctx, session_id, sizeof(session_id) - 1);
# Line 462 | Line 462 | ssl_init(void)
462    }
463  
464    SSL_CTX_set_options(ServerInfo.client_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
465 <  SSL_CTX_set_options(ServerInfo.client_ctx, SSL_OP_TLS_ROLLBACK_BUG);
465 >  SSL_CTX_set_options(ServerInfo.client_ctx, SSL_OP_SINGLE_DH_USE);
466    SSL_CTX_set_verify(ServerInfo.client_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
467                       always_accept_verify_cb);
468   #endif /* HAVE_LIBCRYPTO */

Diff Legend

Removed lines
+ Added lines
< Changed lines (old)
> Changed lines (new)