diff --git a/ctx.go b/ctx.go
index 33befc40..59915340 100644
--- a/ctx.go
+++ b/ctx.go
@@ -369,9 +369,16 @@ const (
 NoSSLv2 Options = C.SSL_OP_NO_SSLv2
 NoSSLv3 Options = C.SSL_OP_NO_SSLv3
 NoTLSv1 Options = C.SSL_OP_NO_TLSv1
+NoTLSv1_1 Options = C.SSL_OP_NO_TLSv1_1
+NoTLSv1_2 Options = C.SSL_OP_NO_TLSv1_2
 CipherServerPreference Options = C.SSL_OP_CIPHER_SERVER_PREFERENCE
 NoSessionResumptionOrRenegotiation Options = C.SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 NoTicket Options = C.SSL_OP_NO_TICKET
+DontInsertEmptyFragments Options = C.SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+TLSBlockPaddingBug Options = C.SSL_OP_TLS_BLOCK_PADDING_BUG
+
+// NoTLSv1_3 is only valid if you are using OpenSSL 1.1.1 or newer
+NoTLSv1_3 Options = C.SSL_OP_NO_TLSv1_3
 )
 
 // SetOptions sets context options. See
diff --git a/init.go b/init.go
index 17dc6f38..480adcd7 100644
--- a/init.go
+++ b/init.go
@@ -115,3 +115,9 @@ func errorFromErrorQueue() error {
 }
 return errors.New(fmt.Sprintf("SSL errors: %s", strings.Join(errs, "\n")))
 }
+
+const OpenSSLVersion string = C.OPENSSL_VERSION_TEXT
+
+// 1 for enable
+const SSL3Enable int = C.X_SSL3_ENABLE
+const TLS1Enable int = C.X_TLS1_ENABLE
diff --git a/shim.c b/shim.c
index 6e680841..36f3e5c8 100644
--- a/shim.c
+++ b/shim.c
@@ -375,7 +375,7 @@ int X_PEM_write_bio_PrivateKey_traditional(BIO *bio, EVP_PKEY *key, const EVP_CI
 int X_shim_init() {
 int rc = 0;
-OPENSSL_config(NULL);
+OPENSSL_no_config();
 ENGINE_load_builtin_engines();
 SSL_load_error_strings();
 SSL_library_init();
diff --git a/shim.h b/shim.h
index b792822b..08ca63c6 100644
--- a/shim.h
+++ b/shim.h
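Review bot: The comment on `NoTLSv1_3` says the option is only valid on OpenSSL 1.1.1 or newer, but shim.h in this same commit defines `SSL_OP_NO_TLSv1_3` as 0 when the header lacks it, so on older builds the constant is 0 and passing it to SetOptions silently does nothing instead of failing; suggest `// NoTLSv1_3 requires OpenSSL 1.1.1 or newer; on older builds it is 0 and SetOptions(NoTLSv1_3) is a no-op.` The new exported `DontInsertEmptyFragments` and `TLSBlockPaddingBug` have no doc comments; the first turns off OpenSSL's CBC empty-fragment countermeasure for SSL 3.0/TLS 1.0 CBC cipher suites and callers should be told that, e.g. `// DontInsertEmptyFragments disables the CBC empty-fragment countermeasure (SSL 3.0/TLS 1.0); use only for interoperability with broken peers.` `TLSBlockPaddingBug` is an interoperability workaround that newer OpenSSL releases appear to define as 0, so its comment should say which versions still honour it once confirmed. The `const (` block begins outside the hunk.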
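Review bot: `OpenSSLVersion`, `SSL3Enable` and `TLS1Enable` are new exported constants without Go doc comments, and the floating `// 1 for enable` is not attached to either name. `OPENSSL_VERSION_TEXT` is the version of the headers cgo compiled against, which can differ from the library actually loaded at run time when linking dynamically, so suggest `// OpenSSLVersion is the OPENSSL_VERSION_TEXT of the headers this package was built against, not necessarily the version of the library loaded at run time.` `X_SSL3_ENABLE` and `X_TLS1_ENABLE` come from shim.h and only record whether `OPENSSL_NO_SSL3_METHOD`/`OPENSSL_NO_TLS1_METHOD` were undefined at build time, i.e. whether the method constructors exist, not whether the protocol is enabled on any context, so the comment should read along the lines of `// SSL3Enable is 1 when this build exposes the SSLv3 method (OPENSSL_NO_SSL3_METHOD undefined), 0 otherwise; it says nothing about per-Ctx protocol options.` with the same wording for `TLS1Enable`.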
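Review bot: Replacing `OPENSSL_config(NULL)` with `OPENSSL_no_config()` means openssl.cnf is no longer read at init, so any system-wide policy delivered through that file (minimum protocol version, default cipher string, engine sections) stops applying to this library and callers must set such policy explicitly on each Ctx. That is a behaviour change worth a comment at the call site and a changelog entry rather than a silent swap, e.g. `/* Intentionally skip openssl.cnf: system config (MinProtocol, CipherString, engines) is not applied; policy must be set per Ctx. */`. On OpenSSL 1.1.0 and later the automatic initialisation of libssl can still load the config unless this call precedes every other OpenSSL call, which looks to be the case here since it is the first statement after `rc`, but it is worth confirming nothing else in the package touches OpenSSL earlier. `X_shim_init` continues past the hunk.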
@@ -33,10 +33,26 @@
 #define SSL_MODE_RELEASE_BUFFERS 0
 #endif
 
+#ifndef OPENSSL_NO_SSL3_METHOD
+#define X_SSL3_ENABLE 1
+#else
+#define X_SSL3_ENABLE 0
+#endif
+
+#ifndef OPENSSL_NO_TLS1_METHOD
+#define X_TLS1_ENABLE 1
+#else
+#define X_TLS1_ENABLE 0
+#endif
+
 #ifndef SSL_OP_NO_COMPRESSION
 #define SSL_OP_NO_COMPRESSION 0
 #endif
 
+#ifndef SSL_OP_NO_TLSv1_3
+#define SSL_OP_NO_TLSv1_3 0
+#endif
+
 /* shim methods */
 extern int X_shim_init();