File openvpn-use-newertls.patch of Package openvpn.738

Index: openvpn-2.3.2/src/openvpn/ssl_openssl.c
===================================================================
--- openvpn-2.3.2.orig/src/openvpn/ssl_openssl.c
+++ openvpn-2.3.2/src/openvpn/ssl_openssl.c
@@ -114,11 +114,12 @@ tls_ctx_server_new(struct tls_root_ctx *
 {
   ASSERT(NULL != ctx);
 
-  ctx->ctx = SSL_CTX_new (TLSv1_server_method ());
+  ctx->ctx = SSL_CTX_new (SSLv23_server_method ());
 
   if (ctx->ctx == NULL)
     msg (M_SSLERR, "SSL_CTX_new TLSv1_server_method");
 
+  SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
   SSL_CTX_set_tmp_rsa_callback (ctx->ctx, tmp_rsa_cb);
 }
 
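Review bot: The diagnostic on the `msg (M_SSLERR, ...)` line still names `TLSv1_server_method` although the context is now created with `SSLv23_server_method ()`, so a failure would point an operator at the wrong call; change it to `msg (M_SSLERR, "SSL_CTX_new SSLv23_server_method");`, and likewise the `TLSv1_client_method` string in the `tls_ctx_client_new` hunk. The added `SSL_CTX_set_options` call uses `ctx->ctx` after the NULL check, which is safe only if `msg (M_SSLERR, ...)` does not return; that is not visible in this hunk and is worth confirming. Because the method name reads like a downgrade, a comment above the `SSL_CTX_new` line would help, e.g. `/* SSLv23_*_method is OpenSSL's version-flexible method; SSLv2 and SSLv3 are disabled below, leaving TLS 1.0 and newer */`. The function's signature lies above the hunk.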
@@ -127,10 +128,12 @@ tls_ctx_client_new(struct tls_root_ctx *
 {
   ASSERT(NULL != ctx);
 
-  ctx->ctx = SSL_CTX_new (TLSv1_client_method ());
+  ctx->ctx = SSL_CTX_new (SSLv23_client_method ());
 
   if (ctx->ctx == NULL)
     msg (M_SSLERR, "SSL_CTX_new TLSv1_client_method");
+
+  SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 }
 
 void
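Review bot: The option mask `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` is hard-coded here and in `tls_ctx_server_new`, so the lowest version either side accepts stays at TLS 1.0 and an administrator has no way to raise it. If the intent is to let deployments require newer TLS, the mask should come from configuration, adding `SSL_OP_NO_TLSv1` and `SSL_OP_NO_TLSv1_1` when a higher minimum is requested (both need an OpenSSL build that defines them). At the least, state the resulting range next to the call, e.g. `/* accept TLS 1.0 and newer; SSLv2/SSLv3 are refused */`. Logging the negotiated protocol version once the handshake completes would let operators see which peers still connect with TLS 1.0. The function's signature is above the hunk.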