From 566904ece4aa15cfc90a4452375b54b5daf3baf2 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Tue, 14 Oct 2014 17:40:13 +0200
Subject: m_ssl_openssl Add user-friendly config options for setting a few
 OpenSSL context options

---
 src/modules/extra/m_ssl_openssl.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'src/modules')

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 518712c00..8a575466e 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -113,6 +113,20 @@ class ModuleSSLOpenSSL : public Module
 	static void SetContextOptions(SSL_CTX* ctx, long defoptions, const std::string& ctxname, ConfigTag* tag)
 	{
 		long setoptions = tag->getInt(ctxname + "setoptions");
+		// User-friendly config options for setting context options
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+		if (tag->getBool("cipherserverpref"))
+			setoptions |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+#endif
+#ifdef SSL_OP_NO_COMPRESSION
+		if (!tag->getBool("compression", true))
+			setoptions |= SSL_OP_NO_COMPRESSION;
+#endif
+		if (!tag->getBool("sslv3", true))
+			setoptions |= SSL_OP_NO_SSLv3;
+		if (!tag->getBool("tlsv1", true))
+			setoptions |= SSL_OP_NO_TLSv1;
+
 		long clearoptions = tag->getInt(ctxname + "clearoptions");
 		ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions);
 
-- 
cgit v1.2.3