From 0d47d4890abf77fc20f1aa3002c28485f4dad831 Mon Sep 17 00:00:00 2001 From: Lauri Kasanen Date: Wed, 14 Oct 2020 14:39:33 +0300 Subject: [PATCH] Enable TLS 1.1 and 1.2 --- common/network/websocket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/network/websocket.c b/common/network/websocket.c index 3bc3b7f..6585402 100644 --- a/common/network/websocket.c +++ b/common/network/websocket.c @@ -160,12 +160,14 @@ ws_ctx_t *ws_socket_ssl(ws_ctx_t *ctx, int socket, char * certfile, char * keyfi } - ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); + ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (ctx->ssl_ctx == NULL) { ERR_print_errors_fp(stderr); fatal("Failed to configure SSL context"); } + SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, use_keyfile, SSL_FILETYPE_PEM) <= 0) { sprintf(msg, "Unable to load private key file %s\n", use_keyfile);