From b06b1f15aca3e42710ed6a496624e649464e2281 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <andersk@mit.edu>
Date: Thu, 3 Jan 2013 04:01:53 -0500
Subject: [PATCH] Set SSL options for increased security

Disable SSLv2, SSLv3, and compression; generate new DH or ECDH keys
during each handshake; always start a new session on server
renegotiation; set a strong cipher list.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

[ Patch from https://code.google.com/p/shellinabox/issues/detail?id=215 ]
---
 libhttp/ssl.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/libhttp/ssl.c b/libhttp/ssl.c
index d2788dd..c932deb 100644
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@@ -583,6 +583,27 @@ static int sslSetCertificateFromFile(SSL_CTX *context,
 }
 #endif
 
+static SSL_CTX *sslMakeContext(void) {
+  SSL_CTX *context;
+  check(context = SSL_CTX_new(SSLv23_server_method()));
+  SSL_CTX_set_options(context, SSL_OP_ALL);
+  SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+#ifdef SSL_OP_NO_COMPRESSION
+  SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+  sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
+  SSL_CTX_set_options(context, SSL_OP_SINGLE_DH_USE);
+#ifdef SSL_OP_SINGLE_ECDH_USE
+  SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
+#endif
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+  SSL_CTX_set_options(context, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+  check(SSL_CTX_set_cipher_list(context, "HIGH:MEDIUM:!aNULL:!MD5"));
+  return context;
+}
+
 #ifdef HAVE_TLSEXT
 static int sslSNICallback(SSL *sslHndl, int *al ATTR_UNUSED,
                           struct SSLSupport *ssl) {
@@ -619,7 +640,7 @@ static int sslSNICallback(SSL *sslHndl, int *al ATTR_UNUSED,
                                                    serverName+1,
                                                    NULL);
   if (context == NULL) {
-    check(context         = SSL_CTX_new(SSLv23_server_method()));
+    context               = sslMakeContext();
     check(ssl->sniCertificatePattern);
     char *certificate     = stringPrintfUnchecked(NULL,
                                                   ssl->sniCertificatePattern,
@@ -697,7 +718,7 @@ void sslSetCertificate(struct SSLSupport *ssl, const char *filename,
   }
 
   // Try to set the default certificate. If necessary, (re-)generate it.
-  check(ssl->sslContext              = SSL_CTX_new(SSLv23_server_method()));
+  ssl->sslContext                    = sslMakeContext();
   if (autoGenerateMissing) {
     if (sslSetCertificateFromFile(ssl->sslContext, defaultCertificate) < 0) {
       char hostname[256], buf[4096];
@@ -781,7 +802,7 @@ static char *sslFdToFilename(int fd) {
 
 void sslSetCertificateFd(struct SSLSupport *ssl, int fd) {
 #ifdef HAVE_OPENSSL
-  check(ssl->sslContext = SSL_CTX_new(SSLv23_server_method()));
+  ssl->sslContext = sslMakeContext();
   char *filename = sslFdToFilename(fd);
   if (!sslSetCertificateFromFd(ssl->sslContext, fd)) {
     fatal("Cannot read valid certificate from %s. Check file format.",