diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2016-03-01 17:58:15 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2016-03-01 17:58:15 +0000 |
| commit | 8f9fae4c4537bd423d1a266b3280c396a2e90f44 (patch) | |
| tree | af1124f2b1336d11a8291e2e75a777fb4ffe5fcb /ssl/ssl_lib.c | |
| parent | e271e41d66a94d7d10e9170f9157b2a8a90d3bd5 (diff) | |
| download | src-8f9fae4c4537bd423d1a266b3280c396a2e90f44.tar.gz src-8f9fae4c4537bd423d1a266b3280c396a2e90f44.zip | |
Import OpenSSL 1.0.1s.vendor/openssl/1.0.1s
Notes
Notes:
svn path=/vendor-crypto/openssl/dist-1.0.1/; revision=296275
svn path=/vendor-crypto/openssl/1.0.1s/; revision=296276; tag=vendor/openssl/1.0.1s
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 93d1cbe438e4..33c52ac5bf03 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1896,6 +1896,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + /* + * Disable SSLv2 by default, callers that want to enable SSLv2 will have to + * explicitly clear this option via either of SSL_CTX_clear_options() or + * SSL_clear_options(). + */ + ret->options |= SSL_OP_NO_SSLv2; + return (ret); err: SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); |