From fb2295a243990c62c45ad1bf4dd5b796d118ae38 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 15 Oct 2014 14:11:47 +0000
Subject: Clear protocol options before optionally setting them.
---
 src/lib/libressl/ressl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index b85fe04415..b500c83063 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.16 2014/09/29 15:31:38 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.17 2014/10/15 14:11:47 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -173,6 +173,11 @@ ressl_configure_ssl(struct ressl *ctx)
 {
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);

+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
+ SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
+
 if ((ctx->config->protocols & RESSL_PROTOCOL_SSLv3) == 0)
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
 if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_0) == 0)
--
cgit v1.2.3-55-g6feb
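Review bot: The four added `SSL_CTX_clear_options()` calls in `ressl_configure_ssl` make `ctx->config->protocols` the only thing that decides which protocol versions stay enabled, yet nothing in the hunk records that intent or checks the mask. A comment above them such as `/* Reset the per-version disable bits so the configured protocol mask alone selects what is enabled. */` would help the next reader. Because `SSL_OP_NO_SSLv3` is now cleared unconditionally, any default elsewhere that had SSLv3 switched off is presumably overridden, so it is worth confirming that the default protocol mask (not visible here) leaves `RESSL_PROTOCOL_SSLv3` out and that a mask of 0 is rejected or handled. The clears could also be a single call, `SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);`. The function body continues past the end of the hunk.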