From b68c81f767e699cd39cb1a2aa4f99b36c947a08d Mon Sep 17 00:00:00 2001
From: dequis
Date: Sat, 27 Jun 2015 13:13:03 -0300
Subject: [PATCH] irssiproxy: Use TLS 1.0/1.1/1.2, disable SSLv2 and SSLv3
---
 src/irc/proxy/listen.c | 4 ++--
 src/irc/proxy/proxy.h | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/irc/proxy/listen.c b/src/irc/proxy/listen.c
index 519666bd..6e3ab115 100644
--- a/src/irc/proxy/listen.c
+++ b/src/irc/proxy/listen.c
@@ -648,14 +648,14 @@ static void add_listen(const char *ircnet, int port, char *sslcert)
 if(sslcert != NULL) {
 rec->use_ssl = TRUE;
- rec->ssl_method = SSLv3_server_method(); /* let's start with 3 */
- rec->ssl_ctx = SSL_CTX_new(rec->ssl_method);
+ rec->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
 if(rec->ssl_ctx == NULL) {
 printtext(NULL, NULL, MSGLEVEL_CLIENTERROR, "Proxy: Error setting up SSL Context for port %d failed.", rec->port);
 goto error;
 }
+ SSL_CTX_set_options(rec->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 if(SSL_CTX_use_certificate_file(rec->ssl_ctx, sslcert, SSL_FILETYPE_PEM) <= 0) {
 printtext(NULL, NULL, MSGLEVEL_CLIENTERROR, "Proxy: Error loading certificate.");
diff --git a/src/irc/proxy/proxy.h b/src/irc/proxy/proxy.h
index ea53d7d9..0b6b9385 100644
--- a/src/irc/proxy/proxy.h
+++ b/src/irc/proxy/proxy.h
@@ -24,7 +24,6 @@ typedef struct {
 GSList *clients;
 unsigned int use_ssl;
 SSL_CTX *ssl_ctx;
- SSL_METHOD *ssl_method;
 } LISTEN_REC;
 typedef struct {
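Review bot: The new `SSL_CTX_new(SSLv23_server_method())` line in the listen.c hunk needs a comment, because the method name reads as if it turns SSLv2/SSLv3 on, while it is OpenSSL's version-flexible method and the protocol floor comes only from the `SSL_CTX_set_options()` call added after the NULL check. I would put `/* version-flexible method; SSLv2/SSLv3 are switched off via SSL_CTX_set_options() below */` above it, so that a later edit which moves or drops the options call is recognised as a protocol downgrade. The option mask could also include `SSL_OP_NO_COMPRESSION` where the linked OpenSSL defines it, since TLS-level compression is otherwise left at the library default. `add_listen` starts and ends outside this hunk, so the `error` label and the rest of the TLS setup are not visible here.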