Loading openssl/src/ssl/connector.rs +10 −6 Original line number Diff line number Diff line Loading @@ -207,9 +207,7 @@ impl SslAcceptor { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_intermediate_v5(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2); #[cfg(ossl111)] ctx.clear_options(SslOptions::NO_TLSV1_3); ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); let dh = Dh::params_from_pem(FFDHE_2048.as_bytes())?; ctx.set_tmp_dh(&dh)?; setup_curves(&mut ctx)?; Loading @@ -219,7 +217,9 @@ impl SslAcceptor { DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" )?; #[cfg(ossl111)] ctx.set_ciphersuites("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")?; ctx.set_ciphersuites( "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256", )?; Ok(SslAcceptorBuilder(ctx)) } Loading @@ -235,7 +235,9 @@ impl SslAcceptor { pub fn mozilla_modern_v5(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_3); ctx.set_ciphersuites("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")?; ctx.set_ciphersuites( "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256", )?; Ok(SslAcceptorBuilder(ctx)) } Loading Loading @@ -277,7 +279,9 @@ impl SslAcceptor { // FIXME remove in next major version pub fn mozilla_modern(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); ctx.set_options( SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1, ); #[cfg(ossl111)] ctx.set_options(SslOptions::NO_TLSV1_3); setup_curves(&mut ctx)?; Loading Loading
openssl/src/ssl/connector.rs +10 −6 Original line number Diff line number Diff line Loading @@ -207,9 +207,7 @@ impl SslAcceptor { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_intermediate_v5(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2); #[cfg(ossl111)] ctx.clear_options(SslOptions::NO_TLSV1_3); ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); let dh = Dh::params_from_pem(FFDHE_2048.as_bytes())?; ctx.set_tmp_dh(&dh)?; setup_curves(&mut ctx)?; Loading @@ -219,7 +217,9 @@ impl SslAcceptor { DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" )?; #[cfg(ossl111)] ctx.set_ciphersuites("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")?; ctx.set_ciphersuites( "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256", )?; Ok(SslAcceptorBuilder(ctx)) } Loading @@ -235,7 +235,9 @@ impl SslAcceptor { pub fn mozilla_modern_v5(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_3); ctx.set_ciphersuites("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")?; ctx.set_ciphersuites( "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256", )?; Ok(SslAcceptorBuilder(ctx)) } Loading Loading @@ -277,7 +279,9 @@ impl SslAcceptor { // FIXME remove in next major version pub fn mozilla_modern(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); ctx.set_options( SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1, ); #[cfg(ossl111)] ctx.set_options(SslOptions::NO_TLSV1_3); setup_curves(&mut ctx)?; Loading
