Commit 997e92e0 authored by Steven Fackler's avatar Steven Fackler

Merge ssl option setup

The client will ignore server-side options so we may as well stick them
all in the same spot.
parent bd457dba
+3 −3
@@ -34,6 +34,9 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
    opts &= !ssl::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
    opts |= ssl::SSL_OP_NO_SSLV2;
    opts |= ssl::SSL_OP_NO_SSLV3;
    opts |= ssl::SSL_OP_SINGLE_DH_USE;
    opts |= ssl::SSL_OP_SINGLE_ECDH_USE;
    opts |= ssl::SSL_OP_CIPHER_SERVER_PREFERENCE;
    ctx.set_options(opts);

    Ok(ctx)
@@ -117,8 +120,6 @@ impl ServerConnectorBuilder {
              I::Item: AsRef<X509Ref>
    {
        let mut ctx = try!(ctx(method));
        ctx.set_options(ssl::SSL_OP_SINGLE_DH_USE | ssl::SSL_OP_SINGLE_ECDH_USE |
                        ssl::SSL_OP_CIPHER_SERVER_PREFERENCE);
        let dh = try!(Dh::from_pem(DHPARAM_PEM.as_bytes()));
        try!(ctx.set_tmp_dh(&dh));
        try!(setup_curves(&mut ctx));
@@ -151,7 +152,6 @@ impl ServerConnectorBuilder {
              I::Item: AsRef<X509Ref>
    {
        let mut ctx = try!(ctx(method));
        ctx.set_options(ssl::SSL_OP_SINGLE_ECDH_USE | ssl::SSL_OP_CIPHER_SERVER_PREFERENCE);
        try!(setup_curves(&mut ctx));
        try!(ctx.set_cipher_list(
            "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\
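Review bot: In the first hunk the shared `ctx()` now carries `SSL_OP_SINGLE_DH_USE`, `SSL_OP_SINGLE_ECDH_USE` and `SSL_OP_CIPHER_SERVER_PREFERENCE` with nothing in the function saying that they are server-side settings applied to client contexts as well; the rationale exists only in the commit message. A comment above those three lines would keep a later reader from treating them as client hardening or from dropping them as redundant, for example `// Server-side options; clients ignore them, so they are set once here for both roles.` The third hunk's constructor previously set only the ECDH and server-preference flags, so it appears to pick up `SSL_OP_SINGLE_DH_USE` as a side effect; that looks harmless if its cipher list is ECDHE-only, but the list is cut off here and is worth confirming. The body of `ctx()` and both builder functions start outside the visible hunks.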