Diffstat (limited to 'src/microspdy/io_openssl.c')
-rw-r--r-- | src/microspdy/io_openssl.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/microspdy/io_openssl.c b/src/microspdy/io_openssl.c index 9c152d87..8dea5bb7 100644 --- a/src/microspdy/io_openssl.c +++ b/src/microspdy/io_openssl.c | |||
@@ -77,20 +77,28 @@ SPDYF_openssl_global_deinit() | |||
77 | int | 77 | int |
78 | SPDYF_openssl_init(struct SPDY_Daemon *daemon) | 78 | SPDYF_openssl_init(struct SPDY_Daemon *daemon) |
79 | { | 79 | { |
80 | int options; | ||
80 | //create ssl context. TLSv1 used | 81 | //create ssl context. TLSv1 used |
81 | if(NULL == (daemon->io_context = SSL_CTX_new(TLSv1_server_method()))) | 82 | if(NULL == (daemon->io_context = SSL_CTX_new(TLSv1_server_method()))) |
82 | { | 83 | { |
83 | SPDYF_DEBUG("Couldn't create ssl context"); | 84 | SPDYF_DEBUG("Couldn't create ssl context"); |
84 | return SPDY_NO; | 85 | return SPDY_NO; |
85 | } | 86 | } |
86 | //set options for tls | 87 | //set options for tls |
87 | //TODO DH is not enabled for easier debugging | 88 | //TODO DH is not enabled for easier debugging |
88 | //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); | 89 | //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); |
89 | 90 | ||
90 | //TODO here session tickets are disabled for easier debuging with | 91 | //TODO here session tickets are disabled for easier debuging with |
91 | //wireshark when using Chrome | 92 | //wireshark when using Chrome |
92 | //SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack | 93 | // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack |
93 | SSL_CTX_set_options(daemon->io_context, SSL_OP_NO_TICKET | SSL_OP_NO_COMPRESSION); | 94 | options = SSL_OP_NO_TICKET; |
95 | #ifdef SSL_OP_NO_COMPRESSION | ||
96 | options |= SSL_OP_NO_COMPRESSION; | ||
97 | #elif OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */ | ||
98 | sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); | ||
99 | #endif | ||
100 | |||
101 | SSL_CTX_set_options(daemon->io_context, options); | ||
94 | if(1 != SSL_CTX_use_certificate_file(daemon->io_context, daemon->certfile , SSL_FILETYPE_PEM)) | 102 | if(1 != SSL_CTX_use_certificate_file(daemon->io_context, daemon->certfile , SSL_FILETYPE_PEM)) |
95 | { | 103 | { |
96 | SPDYF_DEBUG("Couldn't load the cert file"); | 104 | SPDYF_DEBUG("Couldn't load the cert file"); |
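Review bot: The `#ifdef`/`#elif` chain added around `options` has no `#else`, so a build where `SSL_OP_NO_COMPRESSION` is undefined and `OPENSSL_VERSION_NUMBER` is below `0x00908000L` compiles cleanly with the CRIME mitigation silently missing. Closing the chain with `#else` followed by `#error "cannot disable TLS compression with this OpenSSL"` would turn that case into a build failure. The 0.9.8 branch should carry a comment such as `/* empties the process-wide compression list: affects every SSL_CTX in this process, not only this daemon */`, because `SSL_COMP_get_compression_methods()` hands back a shared stack and a library init routine changing global state is easy to miss. `options` is declared `int` while `SSL_CTX_set_options` appears to take a `long` in the OpenSSL releases this code targets, so `long options;` would match the API. The body of `SPDYF_openssl_init` continues past the end of the hunk.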