From e6f3c781038de68c6eb24e7c1532ee3fcc3a9c93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
Date: Mon, 15 Aug 2011 17:55:58 -0300
Subject: [PATCH] - Disable SSLv2 and enable all workarounds for buggy servers - Keep memory usage low when openSSL supports SSL_MODE_RELEASE_BUFFERS
---
 src/LibsslTLSContext.cc | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/LibsslTLSContext.cc b/src/LibsslTLSContext.cc
index 273ff2f9..272f8cd3 100644
--- a/src/LibsslTLSContext.cc
+++ b/src/LibsslTLSContext.cc
@@ -55,7 +55,14 @@ TLSContext::TLSContext()
 A2_LOG_ERROR(fmt("SSL_CTX_new() failed. Cause: %s",
 ERR_error_string(ERR_get_error(), 0)));
 }
+ /* Disable SSLv2 and enable all workarounds for buggy servers */
+ SSL_CTX_set_options(sslCtx_, SSL_OP_ALL|SSL_OP_NO_SSLv2);
 SSL_CTX_set_mode(sslCtx_, SSL_MODE_AUTO_RETRY);
+ #ifdef SSL_MODE_RELEASE_BUFFERS
+ /* keep memory usage low */
+ SSL_CTX_set_mode(sslCtx_, SSL_MODE_RELEASE_BUFFERS);
+ #endif
+
 }

 TLSContext::~TLSContext()
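Review bot: `SSL_OP_ALL` in the added `SSL_CTX_set_options` call is broader than "workarounds for buggy servers": on OpenSSL releases where it still includes `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, it turns off the empty-fragment countermeasure for CBC ciphers in SSL 3.0/TLS 1.0. The call also leaves SSLv3 negotiable. I would mask that bit out and, if the servers you need to reach allow it, drop SSLv3 as well: `SSL_CTX_set_options(sslCtx_, (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. Separately, the new calls sit after the branch that logs "SSL_CTX_new() failed", so they appear to run with a null `sslCtx_` on that path. The `if` itself starts outside the hunk, but the added block looks like it belongs inside the success branch or behind `if (sslCtx_)`.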