diff options
| author | Steven Fackler <[email protected]> | 2018-02-15 19:55:20 -0800 |
|---|---|---|
| committer | GitHub <[email protected]> | 2018-02-15 19:55:20 -0800 |
| commit | 3db28a1e1279c1117d439d52dc2a159d94353222 (patch) | |
| tree | 7fae739c5340afb3ce177f782f8b9c5c8c104283 /openssl/src/ssl/connector.rs | |
| parent | Merge pull request #838 from olehermanse/master (diff) | |
| parent | Tweak features (diff) | |
| download | rust-openssl-3db28a1e1279c1117d439d52dc2a159d94353222.tar.xz rust-openssl-3db28a1e1279c1117d439d52dc2a159d94353222.zip | |
Merge pull request #839 from sfackler/openssl111
OpenSSL 1.1.1 support
Diffstat (limited to 'openssl/src/ssl/connector.rs')
| -rw-r--r-- | openssl/src/ssl/connector.rs | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 9e485ab9..9d1ceadc 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -206,6 +206,12 @@ impl SslAcceptor { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_intermediate(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; + #[cfg(ossl111)] + { + ctx.set_options(SslOptions { + bits: ::ffi::SSL_OP_NO_TLSv1_3, + }); + } let dh = Dh::params_from_pem(DHPARAM_PEM.as_bytes())?; ctx.set_tmp_dh(&dh)?; setup_curves(&mut ctx)?; @@ -232,6 +238,13 @@ impl SslAcceptor { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_modern(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; + ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); + #[cfg(ossl111)] + { + ctx.set_options(SslOptions { + bits: ::ffi::SSL_OP_NO_TLSv1_3, + }); + } setup_curves(&mut ctx)?; ctx.set_cipher_list( "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ |