Merge ssl option setup
The client will ignore server-side options so we may as well stick them all in the same spot.
parent
bd457dba18
commit
997e92e052
|
|
@ -34,6 +34,9 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
|
||||||
opts &= !ssl::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
opts &= !ssl::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
||||||
opts |= ssl::SSL_OP_NO_SSLV2;
|
opts |= ssl::SSL_OP_NO_SSLV2;
|
||||||
opts |= ssl::SSL_OP_NO_SSLV3;
|
opts |= ssl::SSL_OP_NO_SSLV3;
|
||||||
|
opts |= ssl::SSL_OP_SINGLE_DH_USE;
|
||||||
|
opts |= ssl::SSL_OP_SINGLE_ECDH_USE;
|
||||||
|
opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE;
|
||||||
ctx.set_options(opts);
|
ctx.set_options(opts);
|
||||||
|
|
||||||
Ok(ctx)
|
Ok(ctx)
|
||||||
|
|
@ -117,8 +120,6 @@ impl ServerConnectorBuilder {
|
||||||
I::Item: AsRef<X509Ref>
|
I::Item: AsRef<X509Ref>
|
||||||
{
|
{
|
||||||
let mut ctx = try!(ctx(method));
|
let mut ctx = try!(ctx(method));
|
||||||
ctx.set_options(ssl::SSL_OP_SINGLE_DH_USE | ssl::SSL_OP_SINGLE_ECDH_USE |
|
|
||||||
ssl::SSL_OP_CIPHER_SERVER_PREFERENCE);
|
|
||||||
let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes()));
|
let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes()));
|
||||||
try!(ctx.set_tmp_dh(&dh));
|
try!(ctx.set_tmp_dh(&dh));
|
||||||
try!(setup_curves(&mut ctx));
|
try!(setup_curves(&mut ctx));
|
||||||
|
|
@ -151,7 +152,6 @@ impl ServerConnectorBuilder {
|
||||||
I::Item: AsRef<X509Ref>
|
I::Item: AsRef<X509Ref>
|
||||||
{
|
{
|
||||||
let mut ctx = try!(ctx(method));
|
let mut ctx = try!(ctx(method));
|
||||||
ctx.set_options(ssl::SSL_OP_SINGLE_ECDH_USE | ssl::SSL_OP_CIPHER_SERVER_PREFERENCE);
|
|
||||||
try!(setup_curves(&mut ctx));
|
try!(setup_curves(&mut ctx));
|
||||||
try!(ctx.set_cipher_list(
|
try!(ctx.set_cipher_list(
|
||||||
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
|
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
|
||||||
|
|
|
||||||
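Review bot: The three options added to `ctx()` in the first hunk (`SSL_OP_SINGLE_DH_USE`, `SSL_OP_SINGLE_ECDH_USE`, `SSL_OP_CIPHER_SERVER_PREFERENCE`) carry no comment saying they only take effect on the server side; that reasoning is recorded only in the commit message. After this change the `set_tmp_dh(&dh)` call in the second hunk depends on a flag set in a different function, so a later edit to `ctx()` could silently remove per-handshake key regeneration for the fixed `DHPARAM_PEM` parameters without touching the server code. I would add above the three lines `// Server-side options; clients ignore them. SINGLE_DH_USE must stay set while the server calls set_tmp_dh().`. The bodies of `ctx()` and both `ServerConnectorBuilder` functions start outside the visible hunks, so the initial value of `opts` cannot be checked from here.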