- Fix #1227: Fix that Unbound control allows weak ciphersuits.

git-svn-id: file:///svn/unbound/trunk@4027 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2017-02-27 14:40:30 +00:00
parent 8ce59e67d5
commit 3289d8482c
2 changed files with 21 additions and 0 deletions


@ -242,6 +242,24 @@ daemon_remote_create(struct config_file* cfg)
daemon_remote_delete(rc);
return NULL;
}
#if defined(SSL_OP_NO_TLSv1) && defined(SSL_OP_NO_TLSv1_1)
/* if we have tls 1.1 disable 1.0 */
if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1) & SSL_OP_NO_TLSv1)
!= SSL_OP_NO_TLSv1){
log_crypto_err("could not set SSL_OP_NO_TLSv1");
daemon_remote_delete(rc);
return NULL;
}
#endif
#if defined(SSL_OP_NO_TLSv1_1) && defined(SSL_OP_NO_TLSv1_2)
/* if we have tls 1.2 disable 1.1 */
if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1_1) & SSL_OP_NO_TLSv1_1)
!= SSL_OP_NO_TLSv1_1){
log_crypto_err("could not set SSL_OP_NO_TLSv1_1");
daemon_remote_delete(rc);
return NULL;
}
#endif
if (cfg->remote_control_use_cert == 0) {
/* No certificates are requested */
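Review bot: The two added blocks raise the protocol floor on `rc->ctx`, but nothing in the hunk restricts the cipher list, so the weak ciphersuites named in the commit title are excluded only where they depend on TLS 1.0/1.1; suites offered under the highest enabled version are untouched by these lines. daemon_remote_create starts and ends outside the hunk, so a cipher list may be set elsewhere; if it is, a comment above the first `#if` such as `/* protocol floor only; cipher selection is done below */` would make the split clear. The floor is also decided at compile time by which `SSL_OP_NO_*` macros the headers define, so a build without `SSL_OP_NO_TLSv1_2` keeps TLS 1.1 enabled with no log line; a one-time verbose log of the resulting minimum version would let operators verify it. The only other file in this commit is the changelog, so it is worth confirming that the client end of the control channel applies the same floor.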


@ -1,3 +1,6 @@
27 February 2017: Wouter
- Fix #1227: Fix that Unbound control allows weak ciphersuits.
24 February 2017: Wouter
- include sys/time.h for new shm code on NetBSD.