Created
October 8, 2012 11:03
Disable SSLv2 and SSL Compression support in Pound.
| --- config.c.orig 2012-10-05 14:57:53.000000000 +0100 | |
| +++ config.c 2012-10-08 10:29:55.523951240 +0100 | |
| @@ -1136,6 +1136,13 @@ | |
| SSL_CTX_set_app_data(pc->ctx, res); | |
| SSL_CTX_set_mode(pc->ctx, SSL_MODE_AUTO_RETRY); | |
| SSL_CTX_set_options(pc->ctx, ssl_op_enable); | |
| + | |
| + /* Disable compression and SSLv2 support | |
| + * this code isn't very portable as it presumes your OpenSSL version | |
| + * supports both these options, when many older versions don't. */ | |
| + SSL_CTX_set_options(pc->ctx, SSL_OP_NO_COMPRESSION); | |
| + SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv2); | |
| + | |
| SSL_CTX_clear_options(pc->ctx, ssl_op_disable); | |
| sprintf(lin, "%d-Pound-%ld", getpid(), random()); | |
| SSL_CTX_set_session_id_context(pc->ctx, (unsigned char *)lin, strlen(lin)); |
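Review bot: The two added SSL_CTX_set_options() calls sit before the existing `SSL_CTX_clear_options(pc->ctx, ssl_op_disable);`, so if ssl_op_disable ever carries SSL_OP_NO_COMPRESSION or SSL_OP_NO_SSLv2 the hardening is silently undone; move the additions below the clear_options call. The added comment itself notes that older OpenSSL versions lack these options, where the undefined macros would break the build, so wrap each option in `#ifdef SSL_OP_NO_COMPRESSION` / `#ifdef SSL_OP_NO_SSLv2` and log when one is unavailable. The two calls can also be merged into one: `SSL_CTX_set_options(pc->ctx, SSL_OP_NO_COMPRESSION | SSL_OP_NO_SSLv2);`.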