Merge pull request #33 from Argure/master
Enable use of ECDHE in Charybdis on OpenSSL versions that support this.
This commit is contained in:
William Pitcock
commit
d8c3d5fe97
2 changed files with 9 additions and 0 deletions
|
|
@ -32,6 +32,10 @@ Feature Specific Requirements:
|
|||
|
||||
- For encrypted oper and (optional) server passwords, a working DES, MD5, or SHA library
|
||||
implementing crypt().
|
||||
|
||||
- For ECDHE, OpenSSL 1.0.0 or newer is required. RHEL/Fedora and derivatives like CentOS
|
||||
will need to compile OpenSSL from source, as ECC/ECDHE-functionality is removed from
|
||||
the OpenSSL package in these distributions.
|
||||
|
||||
*******************************************************************************
|
||||
|
||||
|
|
|
|||
|
|
@ -314,6 +314,11 @@ rb_init_ssl(void)
|
|||
/* Disable SSLv2, make the client use our settings */
|
||||
SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
|
||||
|
||||
/* Set ECDHE on OpenSSL 1.00+ */
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x10000000)
|
||||
SSL_CTX_set_tmp_ecdh(ssl_server_ctx, EC_KEY_new_by_curve_name(NID_secp384r1));
|
||||
#endif
|
||||
|
||||
ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue