+ /** Set raw OpenSSL context (SSL_CTX) options from a config tag
+ * @param ctxname Name of the context, client or server
+ * @param tag Config tag defining this profile
+ * @param context Context object to manipulate
+ */
+ void SetContextOptions(const std::string& ctxname, ConfigTag* tag, Context& context)
+ {
+ long setoptions = tag->getInt(ctxname + "setoptions", 0);
+ long clearoptions = tag->getInt(ctxname + "clearoptions", 0);
+
+#ifdef SSL_OP_NO_COMPRESSION
+ // Disable compression by default
+ if (!tag->getBool("compression", false))
+ setoptions |= SSL_OP_NO_COMPRESSION;
+#endif
+
+ // Disable TLSv1.0 by default.
+ if (!tag->getBool("tlsv1", false))
+ setoptions |= SSL_OP_NO_TLSv1;
+
+#ifdef SSL_OP_NO_TLSv1_1
+ // Enable TLSv1.1 by default.
+ if (!tag->getBool("tlsv11", true))
+ setoptions |= SSL_OP_NO_TLSv1_1;
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_2
+ // Enable TLSv1.2 by default.
+ if (!tag->getBool("tlsv12", true))
+ setoptions |= SSL_OP_NO_TLSv1_2;
+#endif
+
+ if (!setoptions && !clearoptions)
+ return; // Nothing to do
+
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Setting %s %s context options, default: %ld set: %ld clear: %ld", name.c_str(), ctxname.c_str(), ctx.GetDefaultContextOptions(), setoptions, clearoptions);
+ long final = context.SetRawContextOptions(setoptions, clearoptions);
+ ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "%s %s context options: %ld", name.c_str(), ctxname.c_str(), final);
+ }
+