
[Csocket] Support and default to TLSv1.2

Updates to 21ac28cc29e9256a21a9aa217e29638360c266d0 of Csocket
1 parent bc795f0 commit 5e90bc380bae9e2278ffe0b0ba0983bb0789c05f @kylef kylef committed
Showing with 44 additions and 2 deletions.
  1. +3 −1 include/znc/Csocket.h
  2. +41 −1 src/Csocket.cpp
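--- a/include/znc/Csocket.h
+++ b/include/znc/Csocket.h
@@ -591,7 +591,9 @@ class Csock : public CSockCommon
 SSL23 = 0,
 SSL2 = 2,
 SSL3 = 3,
- TLS1 = 4
+ TLS1 = 4,
+ TLS1_1 = 5,
+ TLS1_2 = 6
 };
 enum ECONState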
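--- a/src/Csocket.cpp
+++ b/src/Csocket.cpp
@@ -1355,6 +1355,26 @@ bool Csock::SSLClientSetup()
 return( false );
 }
 break;
+ case TLS1_2:
+#ifdef TLS1_2_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_2_client_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_2_client_method failed!" );
+ return( false );
+ }
+ break;
+#endif
+ case TLS1_1:
+#ifdef TLS1_1_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_1_client_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_1_client_method failed!" );
+ return( false );
+ }
+ break;
+#endif
 case TLS1:
 m_ssl_ctx = SSL_CTX_new( TLSv1_client_method() );
 if( !m_ssl_ctx )
@@ -1452,6 +1472,26 @@ bool Csock::SSLServerSetup()
 return( false );
 }
 break;
+ case TLS1_2:
+#ifdef TLS1_2_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_2_server_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_2_server_method failed!" );
+ return( false );
+ }
+ break;
+#endif
+ case TLS1_1:
+#ifdef TLS1_1_VERSION
+ m_ssl_ctx = SSL_CTX_new( TLSv1_1_server_method() );
+ if( !m_ssl_ctx )
+ {
+ CS_DEBUG( "WARNING: MakeConnection .... TLSv1_1_server_method failed!" );
+ return( false );
+ }
+ break;
+#endif
 case TLS1:
 m_ssl_ctx = SSL_CTX_new( TLSv1_server_method() );
 if( !m_ssl_ctx )
@@ -2711,7 +2751,7 @@ void Csock::Init( const CS_STRING & sHostname, uint16_t uPort, int iTimeout )
 m_shostname = sHostname;
 m_sbuffer.clear();
 m_eCloseType = CLT_DONT;
- m_iMethod = SSL23;
+ m_iMethod = TLS1_2; // Falls though TLSv1.1 and TLSv1 if not available
 m_sCipherType = "ALL";
 m_iMaxBytes = 0;
 m_iMaxMilliSeconds = 0;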
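Review bot: The new default `m_iMethod = TLS1_2` in Csock::Init pins every socket to TLS 1.2 only, because `TLSv1_2_client_method()` and `TLSv1_2_server_method()` are fixed-version methods; a peer limited to TLS 1.0/1.1 now fails the handshake where the old `SSL23` default negotiated the highest shared version. The fall-through the comment mentions happens only at compile time, when `TLS1_2_VERSION`/`TLS1_1_VERSION` are undefined in SSLClientSetup and SSLServerSetup, and it is silent, so a build against older OpenSSL headers quietly ends up on TLS 1.0 even for callers that asked for `TLS1_2` explicitly. If the aim is to retire SSLv2/SSLv3, keeping the version-flexible method and adding `SSL_CTX_set_options( m_ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );` does that without giving up negotiation (whether the SSL23 branch already sets these is not visible here). Otherwise reword the comment to `// TLS 1.2 only; falls through to TLSv1.1/TLSv1 at build time if OpenSSL lacks it` and add a `CS_DEBUG` line on each downgrade path. All three functions continue outside the hunks.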

0 comments on commit 5e90bc3
