Clear protocol options before optionally setting them.

author: jsing <> 2014-10-15 14:11:47 +0000
committer: jsing <> 2014-10-15 14:11:47 +0000
commit: 2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5 (patch)
tree: 89d9ca49dca81a85b7edf6aede2bca8df02f8eaf /src
parent: b404682046e264527afa00e32ec29a6479071ac1 (diff)
download: openbsd-2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5.tar.gz
openbsd-2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5.tar.bz2
openbsd-2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index b85fe04415..b500c83063 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.17 2014/10/15 14:11:47 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -173,6 +173,11 @@ ressl_configure_ssl(struct ressl *ctx)
 {
        SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
+        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
        if ((ctx->config->protocols & RESSL_PROTOCOL_SSLv3) == 0)
                SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
        if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_0) == 0)
author	jsing <>	2014-10-15 14:11:47 +0000
committer	jsing <>	2014-10-15 14:11:47 +0000
commit	2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5 (patch)
tree	89d9ca49dca81a85b7edf6aede2bca8df02f8eaf /src
parent	b404682046e264527afa00e32ec29a6479071ac1 (diff)
download	openbsd-2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5.tar.gz openbsd-2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5.tar.bz2 openbsd-2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5.zip