From a27744bca61a07bf5d82f1d5703d067430d22818 Mon Sep 17 00:00:00 2001 From: Lauri Kasanen Date: Wed, 14 Oct 2020 14:39:33 +0300 Subject: [PATCH] Enable TLS 1.1 and 1.2 --- common/network/websocket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/network/websocket.c b/common/network/websocket.c index 0278b76..b52a040 100644 --- a/common/network/websocket.c +++ b/common/network/websocket.c @@ -161,12 +161,14 @@ ws_ctx_t *ws_socket_ssl(ws_ctx_t *ctx, int socket, char * certfile, char * keyfi } - ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); + ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (ctx->ssl_ctx == NULL) { ERR_print_errors_fp(stderr); fatal("Failed to configure SSL context"); } + SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, use_keyfile, SSL_FILETYPE_PEM) <= 0) { sprintf(msg, "Unable to load private key file %s\n", use_keyfile);