summaryrefslogtreecommitdiffstats
path: root/contrib/serf/buckets/ssl_buckets.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/serf/buckets/ssl_buckets.c')
-rw-r--r--contrib/serf/buckets/ssl_buckets.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/contrib/serf/buckets/ssl_buckets.c b/contrib/serf/buckets/ssl_buckets.c
index d2fe51d..579814e 100644
--- a/contrib/serf/buckets/ssl_buckets.c
+++ b/contrib/serf/buckets/ssl_buckets.c
@@ -1317,7 +1317,9 @@ static serf_ssl_context_t *ssl_init_context(serf_bucket_alloc_t *allocator)
ssl_ctx->pool = serf_bucket_allocator_get_pool(allocator);
ssl_ctx->allocator = allocator;
+ /* Use the best possible protocol version, but disable the broken SSLv2/3 */
ssl_ctx->ctx = SSL_CTX_new(SSLv23_client_method());
+ SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_set_client_cert_cb(ssl_ctx->ctx, ssl_need_client_cert);
ssl_ctx->cached_cert = 0;
OpenPOWER on IntegriCloud