mirror of
https://github.com/anope/anope.git
synced 2026-07-03 05:13:14 +02:00
m_ssl_openssl: Allow disabling SSLv3 via the config
@@ -620,6 +620,14 @@ module { name = "help" }
|
||||
*/
|
||||
cert = "data/anope.crt"
|
||||
key = "data/anope.key"
|
||||
|
||||
/*
|
||||
* As of 2014 SSL 3.0 is considered insecure, but it might be enabled
|
||||
* on some systems by default for compatibility reasons.
|
||||
* You can use the following option to enable or disable it explicitly.
|
||||
* Leaving this option not set defaults to the default system behavior.
|
||||
*/
|
||||
#sslv3 = no
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
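Review bot: The new `sslv3` option is shipped commented out, so a stock install keeps whatever the local OpenSSL build negotiates by default, which the comment above it says may still include SSL 3.0. For a protocol the comment itself calls insecure, the example should disable it out of the box: ship the line uncommented as `sslv3 = no`, and reword the last comment sentence to say that removing the line falls back to the library default. The module hunk has the same fail-open default, because its `.empty()` guard skips both branches when the option is absent. Reading the value as `config->Get<bool>("sslv3", "no")` would make the secure behaviour the default even for configs written before this option existed.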
@@ -162,6 +162,20 @@ class SSLModule : public Module
|
||||
Log() << "Unable to open private key " << this->keyfile;
|
||||
}
|
||||
|
||||
// Allow disabling SSLv3
|
||||
if (!config->Get<Anope::string>("sslv3").empty())
|
||||
{
|
||||
if (config->Get<bool>("sslv3"))
|
||||
{
|
||||
SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
|
||||
SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv3);
|
||||
SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv3);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void OnPreServerConnect() anope_override
|
||||
|
||||
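Review bot: The `.empty()` guard makes an absent option a no-op, so both contexts keep whatever `SSL_OP_NO_SSLv3` state an earlier pass left on them. If this block runs on every config reload (the enclosing function starts outside the hunk, so this is inferred from the neighbouring key-loading code), an operator who had `sslv3 = no` and later deletes the line still has SSLv3 disabled, and deleting `sslv3 = yes` leaves it enabled; neither matches the documented "default system behavior". Dropping the guard and always taking one of the two branches removes that ambiguity. A line such as `Log() << "m_ssl_openssl: SSLv3 is " << (allow ? "enabled" : "disabled");` would let operators confirm the effective setting. As far as I recall, `SSL_CTX_clear_options` only exists from OpenSSL 0.9.8m onwards, so builds against older libraries may need a version guard.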