Config option for SSL protocols (resolves #720)

ZNC currently disables SSLv2 and SSLv3 by default. To keep the ZNC
defaults (recommended, may change in the future versions) and for
example disable TLSv1 in addition, specify in the global config
section:

    SSLProtocols = -TLSv1

Available (case-insensitive) values are:

    All, SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2

A non-prefixed "absolute" value overrides the ZNC defaults:

    SSLProtocols = TLSV1 +TLSv1.1 +TLSv1.2
J-P Nurmi
2014-11-06 20:39:00 +01:00
parent 54e8b62b87
commit b759c68847
3 changed files with 50 additions and 2 deletions


@@ -22,7 +22,7 @@
CZNCSock::CZNCSock(int timeout) : Csock(timeout) {
#ifdef HAVE_LIBSSL
DisableSSLCompression();
DisableSSLProtocols(EDP_SSL);
DisableSSLProtocols(CZNC::Get().GetDisabledSSLProtocols());
CString sCipher = CZNC::Get().GetSSLCiphers();
if (!sCipher.empty()) {
SetCipher(sCipher);
@@ -33,7 +33,7 @@ CZNCSock::CZNCSock(int timeout) : Csock(timeout) {
CZNCSock::CZNCSock(const CString& sHost, u_short port, int timeout) : Csock(sHost, port, timeout) {
#ifdef HAVE_LIBSSL
DisableSSLCompression();
DisableSSLProtocols(EDP_SSL);
DisableSSLProtocols(CZNC::Get().GetDisabledSSLProtocols());
CString sCipher = CZNC::Get().GetSSLCiphers();
if (!sCipher.empty()) {
SetCipher(sCipher);
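Review bot: With the hard-coded `DisableSSLProtocols(EDP_SSL)` call replaced in both constructors, the value returned by `CZNC::Get().GetDisabledSSLProtocols()` is the only thing keeping SSLv2 and SSLv3 switched off on every ZNC socket. The commit description says a non-prefixed value overrides the ZNC defaults, so a config such as `SSLProtocols = All` would presumably produce an empty mask and re-enable both legacy protocols; the getter and the config parser are not visible here, so that is inferred. I would add a comment above each call, e.g. `// Mask is derived from the SSLProtocols config option; an absolute value there can re-enable SSLv2/SSLv3`, and consider emitting a warning at config load when the resulting mask no longer covers `EDP_SSL`. The two constructors also repeat the same SSL setup sequence, which could live in one private helper so future hardening changes cannot miss one of them. Both constructor bodies continue past the end of their hunks.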