From 954f22ccc0ee8a77ed96756e154993dc9e8402af Mon Sep 17 00:00:00 2001
From: J-P Nurmi <jpnurmi@gmail.com>
Date: Sun, 26 Oct 2014 11:58:33 +0100
Subject: [PATCH] Disable insecure SSLv2 & SSLv3 protocols (ref #621)

---
 include/znc/Socket.h | 4 ++--
 src/Socket.cpp       | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/include/znc/Socket.h b/include/znc/Socket.h
index 46a652ee..048207d4 100644
--- a/include/znc/Socket.h
+++ b/include/znc/Socket.h
@@ -25,8 +25,8 @@ class CModule;
 
 class CZNCSock : public Csock {
 public:
-	CZNCSock(int timeout = 60) : Csock(timeout) {}
-	CZNCSock(const CString& sHost, u_short port, int timeout = 60) : Csock(sHost, port, timeout) {}
+	CZNCSock(int timeout = 60);
+	CZNCSock(const CString& sHost, u_short port, int timeout = 60);
 	~CZNCSock() {}
 
 	virtual int ConvertAddress(const struct sockaddr_storage * pAddr, socklen_t iAddrLen, CS_STRING & sIP, u_short * piPort) const;
diff --git a/src/Socket.cpp b/src/Socket.cpp
index 97decf9f..86f83be1 100644
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@@ -18,6 +18,14 @@
 #include <znc/IRCNetwork.h>
 #include <signal.h>
 
+CZNCSock::CZNCSock(int timeout) : Csock(timeout) {
+	DisableSSLProtocols(EDP_SSL);
+}
+
+CZNCSock::CZNCSock(const CString& sHost, u_short port, int timeout) : Csock(sHost, port, timeout) {
+	DisableSSLProtocols(EDP_SSL);
+}
+
 unsigned int CSockManager::GetAnonConnectionCount(const CString &sIP) const {
 	const_iterator it;
 	unsigned int ret = 0;