aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/ssl_lib.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2016-03-01 17:58:15 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2016-03-01 17:58:15 +0000
commit8f9fae4c4537bd423d1a266b3280c396a2e90f44 (patch)
treeaf1124f2b1336d11a8291e2e75a777fb4ffe5fcb /ssl/ssl_lib.c
parente271e41d66a94d7d10e9170f9157b2a8a90d3bd5 (diff)
downloadsrc-8f9fae4c4537bd423d1a266b3280c396a2e90f44.tar.gz
src-8f9fae4c4537bd423d1a266b3280c396a2e90f44.zip
Import OpenSSL 1.0.1s.vendor/openssl/1.0.1s
Notes
Notes: svn path=/vendor-crypto/openssl/dist-1.0.1/; revision=296275 svn path=/vendor-crypto/openssl/1.0.1s/; revision=296276; tag=vendor/openssl/1.0.1s
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r--ssl/ssl_lib.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 93d1cbe438e4..33c52ac5bf03 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1896,6 +1896,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /*
+ * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+ * explicitly clear this option via either of SSL_CTX_clear_options() or
+ * SSL_clear_options().
+ */
+ ret->options |= SSL_OP_NO_SSLv2;
+
return (ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);