diff options
| -rw-r--r-- | src/backend/libpq/be-secure.c | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 5b031214550..c73eab42cd3 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.21 2002/12/23 22:19:00 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.22 2003/01/08 22:56:58 momjian Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -637,7 +637,7 @@ initialize_SSL(void) /* set up empheral DH keys */ SSL_CTX_set_tmp_dh_callback(SSL_context, tmp_dh_cb); - SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE); + SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2); /* accept client certificates, but don't require them. */ snprintf(fnbuf, sizeof fnbuf, "%s/root.crt", DataDir); diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index 6f613aec069..36fe45bd9ca 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.18 2002/12/18 13:15:15 pgsql Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.19 2003/01/08 22:56:58 momjian Exp $ * * NOTES * The client *requires* a valid server certificate. Since @@ -714,7 +714,7 @@ initialize_SSL(PGconn *conn) { SSL_library_init(); SSL_load_error_strings(); - SSL_context = SSL_CTX_new(SSLv23_method()); + SSL_context = SSL_CTX_new(TLSv1_method()); if (!SSL_context) { printfPQExpBuffer(&conn->errorMessage, |