Remove duplicate setting of SSL_OP_SINGLE_DH_USE option.
Commit c0a15e07c
moved the setting of OpenSSL's SSL_OP_SINGLE_DH_USE option
into a new subroutine initialize_dh(), but forgot to remove it from where
it was. SSL_CTX_set_options() is a trivial function, amounting indeed to
just "ctx->options |= op", hence there's no reason to contort the code or
break separation of concerns to avoid calling it twice. So separating the
DH setup from disabling of old protocol versions is a good change, but we
need to finish the job.
Noted while poking into the question of SSL session tickets.
This commit is contained in:
parent
41cefbb6db
commit
f352f91cbf
|
@ -286,9 +286,7 @@ be_tls_init(bool isServerStart)
|
|||
}
|
||||
|
||||
/* disallow SSL v2/v3 */
|
||||
SSL_CTX_set_options(context,
|
||||
SSL_OP_SINGLE_DH_USE |
|
||||
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||
SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||
|
||||
/* set up ephemeral DH and ECDH keys */
|
||||
if (!initialize_dh(context, isServerStart))
|
||||
|
|
Loading…
Reference in New Issue