Clear protocol options before optionally setting them.

author: jsing <> 2014-10-15 14:11:47 +0000
committer: jsing <> 2014-10-15 14:11:47 +0000
commit: fb2295a243990c62c45ad1bf4dd5b796d118ae38 (patch)
tree: 89d9ca49dca81a85b7edf6aede2bca8df02f8eaf /src/lib
parent: 63c863c8cc1f3a95888709f9528840589a9e567f (diff)
download: openbsd-fb2295a243990c62c45ad1bf4dd5b796d118ae38.tar.gz
openbsd-fb2295a243990c62c45ad1bf4dd5b796d118ae38.tar.bz2
openbsd-fb2295a243990c62c45ad1bf4dd5b796d118ae38.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index b85fe04415..b500c83063 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.17 2014/10/15 14:11:47 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -173,6 +173,11 @@ ressl_configure_ssl(struct ressl *ctx)
 {
        SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
        if ((ctx->config->protocols & RESSL_PROTOCOL_SSLv3) == 0)
                SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
        if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_0) == 0)
author	jsing <>	2014-10-15 14:11:47 +0000
committer	jsing <>	2014-10-15 14:11:47 +0000
commit	fb2295a243990c62c45ad1bf4dd5b796d118ae38 (patch)
tree	89d9ca49dca81a85b7edf6aede2bca8df02f8eaf /src/lib
parent	63c863c8cc1f3a95888709f9528840589a9e567f (diff)
download	openbsd-fb2295a243990c62c45ad1bf4dd5b796d118ae38.tar.gz openbsd-fb2295a243990c62c45ad1bf4dd5b796d118ae38.tar.bz2 openbsd-fb2295a243990c62c45ad1bf4dd5b796d118ae38.zip