From 936b761e8c2d21a577cfc50997412e4605404653 Mon Sep 17 00:00:00 2001
From: Aaron Zauner
Date: Thu, 11 Jun 2015 20:55:51 +0200
Subject: [PATCH] get rid of toxic OP_ALL option, disable SSLv3 by default
SSL_OP_ALL, see: http://daniel.haxx.se/blog/2012/01/27/sloppily-using-ssl_op_all/
SSLv3: https://datatracker.ietf.org/doc/draft-ietf-tls-sslv3-diediedie/
---
 src/hitch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hitch.c b/src/hitch.c
index 84bcdc3f..131de97f 100644
--- src/hitch.c
+++ b/src/hitch.c
@@ -773,7 +773,7 @@ SSL_CTX *make_ctx(const char *pemfile) {
 SSL_CTX *ctx;
 RSA *rsa;
- long ssloptions = SSL_OP_NO_SSLv2 | SSL_OP_ALL |
+ long ssloptions = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
 #ifdef SSL_OP_NO_COMPRESSION
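Review bot: The `ssloptions` initializer in `make_ctx` sets `SSL_OP_NO_SSLv3` unconditionally, although the subject says SSLv3 is only disabled "by default". If a configuration path outside this hunk can still select an SSLv3-only method, the two would combine into a context with no usable protocol, so that setting should be confirmed and rejected at config load with a clear error. The reason for dropping `SSL_OP_ALL` is recorded only in the commit message. A comment above the declaration would keep the flag from being re-added later, for example `/* SSL_OP_ALL deliberately omitted: on OpenSSL versions where it includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS it turns off the CBC IV countermeasure. */`. The body of `make_ctx` continues outside the hunk, so how `ssloptions` is applied to the context is not visible here.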