diff options
| author | Steven Fackler <[email protected]> | 2016-10-30 18:49:29 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-10-30 18:49:29 -0700 |
| commit | 997e92e052301e633fd6560bc5a369fc0d965f8d (patch) | |
| tree | 9bed1eae0d966e6efb97c5325efacdf281dabbc1 /openssl/src | |
| parent | Move HandshakeError to submodule (diff) | |
| download | rust-openssl-997e92e052301e633fd6560bc5a369fc0d965f8d.tar.xz rust-openssl-997e92e052301e633fd6560bc5a369fc0d965f8d.zip | |
Merge ssl option setup
The client will ignore server-side options so we may as well stick them
all in the same spot.
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/ssl/connector.rs | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index bea54a4e..94784e81 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -34,6 +34,9 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> { opts &= !ssl::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; opts |= ssl::SSL_OP_NO_SSLV2; opts |= ssl::SSL_OP_NO_SSLV3; + opts |= ssl::SSL_OP_SINGLE_DH_USE; + opts |= ssl::SSL_OP_SINGLE_ECDH_USE; + opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE; ctx.set_options(opts); Ok(ctx) @@ -117,8 +120,6 @@ impl ServerConnectorBuilder { I::Item: AsRef<X509Ref> { let mut ctx = try!(ctx(method)); - ctx.set_options(ssl::SSL_OP_SINGLE_DH_USE | ssl::SSL_OP_SINGLE_ECDH_USE | - ssl::SSL_OP_CIPHER_SERVER_PREFERENCE); let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes())); try!(ctx.set_tmp_dh(&dh)); try!(setup_curves(&mut ctx)); @@ -151,7 +152,6 @@ impl ServerConnectorBuilder { I::Item: AsRef<X509Ref> { let mut ctx = try!(ctx(method)); - ctx.set_options(ssl::SSL_OP_SINGLE_ECDH_USE | ssl::SSL_OP_CIPHER_SERVER_PREFERENCE); try!(setup_curves(&mut ctx)); try!(ctx.set_cipher_list( "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ |