Merge ssl option setup

The client will ignore server-side options so we may as well stick them
all in the same spot.
Steven Fackler 2016-10-30 18:49:29 -07:00
parent bd457dba18
commit 997e92e052
1 changed files with 3 additions and 3 deletions


@ -34,6 +34,9 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
opts &= !ssl::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
opts |= ssl::SSL_OP_NO_SSLV2;
opts |= ssl::SSL_OP_NO_SSLV3;
opts |= ssl::SSL_OP_SINGLE_DH_USE;
opts |= ssl::SSL_OP_SINGLE_ECDH_USE;
opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE;
ctx.set_options(opts);
Ok(ctx)
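Review bot: The `SSL_OP_SINGLE_DH_USE`, `SSL_OP_SINGLE_ECDH_USE` and `SSL_OP_CIPHER_SERVER_PREFERENCE` lines in `ctx()` have no comment saying they only matter on server contexts, so the reasoning for setting them on client connectors too lives only in the commit message. A comment above them would record it, for example `// Server-side options; ignored on client contexts, set here so every connector shares one baseline.` It is also worth noting there that OpenSSL documents the two `SINGLE_*_USE` flags as having no effect from 1.1.0 onward, so they only do work on older releases. `ctx()` starts before this hunk, so the initial value of `opts` is not visible here.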
@ -117,8 +120,6 @@ impl ServerConnectorBuilder {
I::Item: AsRef<X509Ref>
{
let mut ctx = try!(ctx(method));
ctx.set_options(ssl::SSL_OP_SINGLE_DH_USE | ssl::SSL_OP_SINGLE_ECDH_USE |
ssl::SSL_OP_CIPHER_SERVER_PREFERENCE);
let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes()));
try!(ctx.set_tmp_dh(&dh));
try!(setup_curves(&mut ctx));
@ -151,7 +152,6 @@ impl ServerConnectorBuilder {
I::Item: AsRef<X509Ref>
{
let mut ctx = try!(ctx(method));
ctx.set_options(ssl::SSL_OP_SINGLE_ECDH_USE | ssl::SSL_OP_CIPHER_SERVER_PREFERENCE);
try!(setup_curves(&mut ctx));
try!(ctx.set_cipher_list(
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\