DISABLE_SSLV3 option, disables SSLv3 at compile time
[ckermit.git] / ckcftp.c
index 9c145f5..79139f1 100644 (file)
--- a/ckcftp.c
+++ b/ckcftp.c
@@ -10210,9 +10210,11 @@ ssl_auth() {
     if (ftp_bug_use_ssl_v2) {
         /* allow SSL 2.0 or later */
         client_method = SSLv23_client_method();
+#ifndef DISABLE_SSLV3
     } else if (ftp_bug_use_ssl_v3) {
         /* allow SSL 3.0 ONLY - previous default */
         client_method = SSLv3_client_method();
+#endif /* DISABLE_SSLV3 */
     } else {
         /* default - allow TLS 1.0 or later */
         client_method = TLSv1_client_method();
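Review bot: With DISABLE_SSLV3 defined, a set `ftp_bug_use_ssl_v3` is silently ignored here and control drops into the final `else`, so the user gets a different protocol than requested with no diagnostic. I would add an `#else` arm to the new `#ifndef` that reports the setting is not compiled in, or at least a comment such as `/* DISABLE_SSLV3: ftp_bug_use_ssl_v3 is ignored, falls through to the TLS default */`. Separately, as far as I know `TLSv1_client_method()` in OpenSSL is fixed to TLS 1.0 rather than "TLS 1.0 or later" as the context comment says. If that holds for the library versions built against, `SSLv23_client_method()` plus the `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` options this commit adds would let the default path negotiate newer TLS versions. ssl_auth() starts and ends outside this hunk.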
@@ -10223,6 +10225,9 @@ ssl_auth() {
           return(0);
         SSL_CTX_set_options(ssl_ftp_ctx,
                             SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+                            |SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
+#endif
                             );
     } else {
         ssl_ftp_ctx = SSL_CTX_new(client_method);
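Review bot: The `#ifdef DISABLE_SSLV3` / `#endif` lines sit inside the argument list of `SSL_CTX_set_options(...)`, and in OpenSSL releases where that name is a function-like macro (I believe the 1.0.x series), preprocessing directives inside macro arguments are undefined behaviour in ISO C. GCC accepts it, but a stricter or older compiler may reject it or drop the flags, which would quietly leave SSLv3 enabled in a build meant to disable it. The same construct is repeated in the next hunk, in the `else` branch's `SSL_CTX_set_options` call. I would hoist the conditional out of the call into a file-scope constant (the name below is made up) and OR it in both places. The enclosing function continues outside this hunk.

```c
/* file scope, next to the other SSL build options */
#ifdef DISABLE_SSLV3
#define FTP_SSL_LEGACY_OFF (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)
#else
#define FTP_SSL_LEGACY_OFF 0
#endif /* DISABLE_SSLV3 */

/* ... unchanged: SSL_CTX_new and its failure return ... */
        SSL_CTX_set_options(ssl_ftp_ctx,
                            SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
                            |FTP_SSL_LEGACY_OFF
                            );
```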
@@ -10231,6 +10236,9 @@ ssl_auth() {
         SSL_CTX_set_options(ssl_ftp_ctx,
                             (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2)|
                             SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+                            |SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
+#endif
                             );
     }
     SSL_CTX_set_default_passwd_cb(ssl_ftp_ctx,
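Review bot: It is undocumented that DISABLE_SSLV3 also forces `SSL_OP_NO_SSLv2`, which makes the existing `(ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2)` term on the line above a no-op in such builds. The first hunk still selects `SSLv23_client_method()` under the comment "allow SSL 2.0 or later", so the code reads as if SSLv2 could still be negotiated when it cannot. Disabling SSLv2 along with SSLv3 is the right outcome, but the macro name does not say so. A comment next to the added lines would make it explicit, for example `/* DISABLE_SSLV3 also turns off SSLv2; ftp_bug_use_ssl_v2 then only selects the version-flexible method */`. ssl_auth() continues past the end of this hunk.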