tls_options

In ejabberd 14.05 we have a new "tls_options" config option.
I haven't found any docs on it.
I want to deny usage of the outdated SSLv3 protocol, possibly also TLSv1.
What's the correct way to do it?

By now I solved my task by slightly modifying p1_tls_drv.so

git clone https://github.com/processone/tls

p1_tls_drv.c :
----------------------------------------------------

#ifdef SSL_OP_NO_COMPRESSION
	if (flags & COMPRESSION_NONE)
		SSL_set_options(d->ssl, SSL_OP_NO_COMPRESSION);
#endif

	// MODDED
	SSL_set_options(d->ssl, SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2);

	SSL_set_ex_data(d->ssl, ssl_index, d);
----------------------------------------------------

compile
replace lib/ejabberd-14.05/priv/lib/p1_tls_drv.so

This is dumb but it works.
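
A way to confirm from outside that the listener really refuses the disabled protocols, as an added example that is not part of the original post: it probes each protocol version over XMPP STARTTLS with `openssl s_client` and classifies the result. The function names, the sample outputs and the host `xmpp.example.org` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. HOST/PORT are placeholders supplied by the caller; HOST is
# assumed to also be the XMPP domain. Sample outputs below are constructed.

# Read `openssl s_client` output on stdin; print accepted, rejected or untested.
classify_handshake() {
    awk '
        { line = tolower($0) }
        # Local openssl built without this protocol: nothing was actually probed.
        line ~ /unknown option/ { untested = 1 }
        # A finished handshake names a real cipher; a refused one shows (NONE).
        /^New, / && /Cipher is / && !/\(NONE\)/ { ok = 1 }
        END {
            if (untested) print "untested"
            else if (ok) print "accepted"
            else print "rejected"
        }'
}

# Probe one protocol flag (ssl3, tls1, tls1_1, tls1_2) over XMPP STARTTLS.
probe_proto() {
    openssl s_client -connect "$1:$2" -starttls xmpp "-$3" </dev/null 2>&1 |
        classify_handshake
}

# Report every protocol version the listener still negotiates.
audit_listener() {
    for proto in ssl3 tls1 tls1_1 tls1_2; do
        printf '%s: %s\n' "$proto" "$(probe_proto "$1" "$2" "$proto")"
    done
}

SAMPLE_OK='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_REFUSED='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'
SAMPLE_NOFLAG='s_client: Unknown option: -ssl3'

# Usage (not run here): audit_listener xmpp.example.org 5222
```

With the options set in the modified driver above, `ssl3` and `tls1` should come back as rejected; an `untested` result means the local `openssl` binary cannot speak that protocol, so the probe proves nothing either way.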
