Lines 1056-1061
void * tls_init(const struct tls_config *conf)
Link Here
|
1056 |
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2); |
1056 |
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2); |
1057 |
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3); |
1057 |
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3); |
1058 |
|
1058 |
|
|
|
1059 |
/* Many enterprise PEAP server implementations (e.g. used in large |
1060 |
corporations and universities) do not support RFC5746 secure |
1061 |
renegotiation, and starting with OpenSSL 3.0, |
1062 |
SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL. |
1063 |
So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT |
1064 |
only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT |
1065 |
globally. */ |
1066 |
|
1067 |
SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT); |
1068 |
|
1059 |
SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY); |
1069 |
SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY); |
1060 |
|
1070 |
|
1061 |
#ifdef SSL_MODE_NO_AUTO_CHAIN |
1071 |
#ifdef SSL_MODE_NO_AUTO_CHAIN |