From 527eb322a5bfa97d5716e7f8178e319c515065a2 Mon Sep 17 00:00:00 2001

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>

Date: Mon, 20 Oct 2014 10:08:26 -0400

Subject: [PATCH] Don't force the use of SSLv3.

SSLv3 should no longer be used for security reasons. Let the best

connection method be automatically determined by using SSLv23_client_method()

and SSLv23_server_method().

---

 src/common/ssl.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/common/ssl.c b/src/common/ssl.c

index a18ad47..35eb237 100644

--- a/src/common/ssl.c

+++ b/src/common/ssl.c

@@ -70,7 +70,7 @@ _SSL_context_init (void (*info_cb_func), int server)

 	SSLeay_add_ssl_algorithms ();

 	SSL_load_error_strings ();

-	ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());

+	ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ());

 	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);

 	SSL_CTX_set_timeout (ctx, 300);

@@ -281,7 +281,7 @@ _SSL_socket (SSL_CTX *ctx, int sd)

 		__SSL_critical_error ("SSL_new");

 	SSL_set_fd (ssl, sd);

-	if (ctx->method == SSLv3_client_method())

+	if (ctx->method == SSLv23_client_method())

 		SSL_set_connect_state (ssl);

 	else

 	        SSL_set_accept_state(ssl);

-- 

2.1.0