Skip to content

Commit

Permalink
Disable weak ciphers in OpenSSL driver.
Browse files Browse the repository at this point in the history
  • Loading branch information
@rraptorr @badlop
rraptorr authored and badlop committed Sep 20, 2011
1 parent cf04b03 commit be1d44b
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions c_src/exmpp_tls_openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
#include "exmpp_tls.h"

#define DRIVER_NAME exmpp_tls_openssl
#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"

#define BUF_SIZE 1024

Expand Down Expand Up @@ -601,6 +602,8 @@ init_library(struct exmpp_tls_openssl_data *edd,
// SSL 2.0 is deprecated for many years
SSL_CTX_set_options(edd->ctx, SSL_OP_NO_SSLv2);

SSL_CTX_set_cipher_list(edd->ctx, CIPHERS);

/*
* Since sessions are cached in SSL_CTX and currently new context
* is used for every connection, then session caching makes little
Expand Down

0 comments on commit be1d44b

Please sign in to comment.