openssl.libssl: Add functions to set options on SSL_CTX.

With these functions we can disable TLS1.0 and TLS1.1 someday.

Related to #2273.
master
Doug Coleman 2020-04-07 22:29:08 +00:00
parent e219aad7e5
commit 0e5a3e2f6a
2 changed files with 26 additions and 9 deletions


@ -59,6 +59,11 @@ PRIVATE>
dup length
f BN_bin2bn ; inline
: disable-old-tls ( ctx -- )
handle>>
SSL_OP_NO_TLSv1 SSL_OP_NO_TLSv1_1 bitor
SSL_CTX_set_options ssl-error ;
: set-session-cache ( ctx -- )
handle>>
[ SSL_SESS_CACHE_BOTH SSL_CTX_set_session_cache_mode ssl-error ]
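Review bot: `disable-old-tls` feeds the result of `SSL_CTX_set_options` to `ssl-error`, but that call returns the updated options bitmask rather than a status code, so the check cannot detect a failure. Assuming `ssl-error` only raises on a false or zero result (its definition is not visible here), `SSL_CTX_set_options drop ;` would state the intent more honestly. The commit message suggests the word is not called yet, so a comment such as `! Not wired in yet: apply to a context to refuse TLS 1.0 and TLS 1.1 handshakes.` would keep a reader from assuming old protocol versions are already off. OpenSSL 1.1.0 and later document the `SSL_OP_NO_TLSv1*` flags as deprecated in favour of setting a minimum protocol version, so a follow-up may prefer a binding for that. `set-session-cache` continues past the end of the hunk.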


@ -507,6 +507,18 @@ FUNCTION: void SSL_CTX_set_tmp_dh_callback ( SSL_CTX* ctx, void* dh )
FUNCTION: void SSL_CTX_set_tmp_rsa_callback ( SSL_CTX* ctx, void* rsa )
FUNCTION: ulong SSL_CTX_set_options ( SSL_CTX* ctx, ulong options )
FUNCTION: ulong SSL_set_options ( SSL* ssl, ulong options )
FUNCTION: ulong SSL_CTX_clear_options ( SSL_CTX* ctx, ulong options )
FUNCTION: ulong SSL_clear_options ( SSL* ssl, ulong options )
FUNCTION: ulong SSL_CTX_get_options ( SSL_CTX* ctx )
FUNCTION: ulong SSL_get_options ( SSL* ssl )
FUNCTION: ulong SSL_get_secure_renegotiation_support ( SSL* ssl )
! ------------------------------------------------------------------------------
! Misc
! ------------------------------------------------------------------------------
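Review bot: The option bindings from `SSL_CTX_set_options` through `SSL_get_options` declare the mask as `ulong`, which matches OpenSSL 1.1.x but not 3.0, where these functions take and return `uint64_t`. On a platform where `ulong` is 32 bits, the upper option bits would be truncated. `SSL_get_secure_renegotiation_support` is declared as returning `long` in OpenSSL, so `FUNCTION: long SSL_get_secure_renegotiation_support ( SSL* ssl )` would match the header. A comment above the group, for example `! Real functions only in OpenSSL >= 1.1.0; older releases provide these as macros over SSL_CTX_ctrl / SSL_ctrl.`, would explain why the symbols may not resolve against an older libssl.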