diff options
Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index 5668c8a..fb05bf3 100644 --- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -447,12 +447,8 @@ bool SSLClientSocketOpenSSL::Init() { options.ConfigureFlag(SSL_OP_NO_SSLv2, true); options.ConfigureFlag(SSL_OP_NO_SSLv3, !ssl_config_.ssl3_enabled); options.ConfigureFlag(SSL_OP_NO_TLSv1, !ssl_config_.tls1_enabled); -#ifdef SSL_OP_NO_TLSv1_1 - options.ConfigureFlag(SSL_OP_NO_TLSv1_1, true); -#endif -#ifdef SSL_OP_NO_TLSv1_2 - options.ConfigureFlag(SSL_OP_NO_TLSv1_2, true); -#endif + options.ConfigureFlag(SSL_OP_NO_TLSv1_1, !ssl_config_.tls1_1_enabled); + options.ConfigureFlag(SSL_OP_NO_TLSv1_2, !ssl_config_.tls1_2_enabled); #if defined(SSL_OP_NO_COMPRESSION) // If TLS was disabled also disable compression, to provide maximum site @@ -498,7 +494,7 @@ bool SSLClientSocketOpenSSL::Init() { DCHECK(ciphers); // See SSLConfig::disabled_cipher_suites for description of the suites // disabled by default. - std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA"); + std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!RC4"); // Walk through all the installed ciphers, seeing if any need to be // appended to the cipher removal |command|. for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) { |