/* This can fail because we do not have RSA available */
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+#ifndef DISABLE_SSLV3
ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
}
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+#endif
last_ssl_mode = -1;
return(0);
}
debug(F110,"ssl_tn_init","SSLv23_client_method OK",0);
} else {
debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+#ifndef DISABLE_SSLV3
tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+#endif /* DISABLE_SSLV3 */
if ( !tls_ctx ) {
+#ifndef DISABLE_SSLV3
debug(F110,
- "ssl_tn_init","TLSv1_client_method failed",0);
+ "ssl_tn_init","SSLv3_client_method failed",0);
+#endif /* DISABLE_SSLV3 */
debug(F110,
"ssl_tn_init","All SSL client methods failed",0);
last_ssl_mode = -1;
/* This can fail because we do not have RSA available */
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
+#ifndef DISABLE_SSLV3
ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
}
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
+#endif
last_ssl_mode = -1;
return(0);
}
* that cannot read poorly written specs :-)
* for TLS be sure to prevent use of SSLv2
*/
- SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL|SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL|SSL_OP_NO_SSLv2
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv3
+#endif
+ );
SSL_CTX_set_options(tls_ctx,
- SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
+ SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv3
+#endif
+ );
SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
SSL_CTX_set_info_callback(tls_ctx,ssl_client_info_callback);
* for TLS be sure to prevent use of SSLv2
*/
SSL_CTX_set_options(tls_http_ctx,
- SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
+ SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv3
+#endif
+ );
SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);