From b5b69ac97255e2b29dbd238f2c169e7c2b47e6a2 Mon Sep 17 00:00:00 2001
From: ritt
Date: Thu, 7 Jan 2021 22:54:11 +0100
Subject: [PATCH] Disabled TLSv1 and TLSv1_1
---
 src/elogd.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/elogd.c b/src/elogd.c
index c99a9c14..ca8faec9 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -29523,6 +29523,17 @@ SSL_CTX *init_ssl(void) {
 #endif
 ctx = SSL_CTX_new(meth);
+#if OPENSSL_VERSION_NUMBER > 0x1010000fL
+ // disable obsolete SSL and TLS, need TLSv1_2 for Internet Explorer
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+ SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
+
+ if (SSL_CTX_set_cipher_list(ctx, "ALL:!NULL-MD5:!NULL-SHA:!NULL-RSA") <= 0) {
+ eprintf("Error setting the cipher list.\n");
+ return NULL;
+ }
+#endif
+
 if (getcfg("global", "SSL Passphrase", pwd, sizeof(pwd))) {
 SSL_CTX_set_default_passwd_cb_userdata(ctx, pwd);
 }
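Review bot: The `#if OPENSSL_VERSION_NUMBER > 0x1010000fL` guard means a build against OpenSSL 1.1.0 or older compiles none of this block and silently keeps SSLv3, TLS 1.0 and TLS 1.1 enabled with the library's default cipher list, even though the `SSL_OP_NO_*` flags used here are available from 1.0.1 on. The cipher string also starts from `ALL`, which still admits the unauthenticated `aNULL` suites and any weak ciphers the library was built with, while the three `!NULL-*` exclusions appear redundant because `ALL` already leaves out the eNULL suites; a string such as `"HIGH:!aNULL:!MD5"` is closer to the stated intent. The error path returns NULL without `SSL_CTX_free(ctx)`, so the context leaks. The sketch below sets the protocol floor on every supported build and applies the cipher list unconditionally; the `#else` branch assumes OpenSSL 1.0.1 or later. init_ssl starts and ends outside the hunk, so whether `ctx` is checked for NULL before these calls is not visible here.

```c
/* … unchanged: ctx = SSL_CTX_new(meth); … */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
   /* 1.1.0+: set the protocol floor directly instead of masking versions */
   if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) {
      eprintf("Error setting the minimum TLS version.\n");
      SSL_CTX_free(ctx);
      return NULL;
   }
#else
   SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
                            SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
#endif

   /* authenticated, strong suites only; applies to every OpenSSL version */
   if (SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5") <= 0) {
      eprintf("Error setting the cipher list.\n");
      SSL_CTX_free(ctx);
      return NULL;
   }
/* … unchanged: SSL Passphrase handling … */
```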