diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index e07efeaa..4096cc29 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -207,9 +207,7 @@ impl SslAcceptor { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_intermediate_v5(method: SslMethod) -> Result { let mut ctx = ctx(method)?; - ctx.set_options(SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2); - #[cfg(ossl111)] - ctx.clear_options(SslOptions::NO_TLSV1_3); + ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); let dh = Dh::params_from_pem(FFDHE_2048.as_bytes())?; ctx.set_tmp_dh(&dh)?; setup_curves(&mut ctx)?; @@ -219,7 +217,9 @@ impl SslAcceptor { DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" )?; #[cfg(ossl111)] - ctx.set_ciphersuites("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")?; + ctx.set_ciphersuites( + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256", + )?; Ok(SslAcceptorBuilder(ctx)) } @@ -235,7 +235,9 @@ impl SslAcceptor { pub fn mozilla_modern_v5(method: SslMethod) -> Result { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_3); - ctx.set_ciphersuites("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")?; + ctx.set_ciphersuites( + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256", + )?; Ok(SslAcceptorBuilder(ctx)) } @@ -277,7 +279,9 @@ impl SslAcceptor { // FIXME remove in next major version pub fn mozilla_modern(method: SslMethod) -> Result { let mut ctx = ctx(method)?; - ctx.set_options(SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); + ctx.set_options( + SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1, + ); #[cfg(ossl111)] ctx.set_options(SslOptions::NO_TLSV1_3); setup_curves(&mut ctx)?;