From 76cd65013b058a639e21703bfce5c227caf38deb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Thu, 29 Mar 2018 15:45:30 +0200
Subject: [PATCH] SSL optimizations
- increased key size from 512 bits to 2048 bits
- changed SSL method from TLSv1_server_method to SSLv23_server_method
---
 src/main.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main.cpp b/src/main.cpp
index d9557169a..a78ec0f3a 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -193,7 +193,8 @@ void ProxySQL_Main_init_SSL_module() {
 SSL_METHOD *ssl_method;
 OpenSSL_add_all_algorithms();
 SSL_load_error_strings();
- ssl_method = (SSL_METHOD *)TLSv1_server_method();
+ //ssl_method = (SSL_METHOD *)TLSv1_server_method();
+ ssl_method = (SSL_METHOD *)SSLv23_server_method();
 GloVars.global.ssl_ctx = SSL_CTX_new(ssl_method);
 if (GloVars.global.ssl_ctx==NULL) {
 ERR_print_errors_fp(stderr);
@@ -208,7 +209,7 @@ void ProxySQL_Main_init_SSL_module() {
 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
- if (ssl_mkit(&x509, &pkey, 512, 0, 730) == 0) {
+ if (ssl_mkit(&x509, &pkey, 2048, 0, 730) == 0) {
 proxy_error("Unable to initialize SSL. Shutting down...\n");
 exit(EXIT_SUCCESS); // we exit gracefully to not be restarted
 }
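Review bot: No protocol floor is set after the switch to `SSLv23_server_method()` in the first hunk, so the context will negotiate whatever versions the linked OpenSSL build still supports, which on older builds can include SSLv3 or SSLv2. After the `GloVars.global.ssl_ctx==NULL` check, add `SSL_CTX_set_options(GloVars.global.ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, or use `SSL_CTX_set_min_proto_version()` where OpenSSL 1.1.0+ is guaranteed. The body of `ProxySQL_Main_init_SSL_module()` continues outside the hunk, so such a call may already exist further down; if so, a short comment beside the method selection should point to it. The commented-out `TLSv1_server_method()` line is better deleted than kept, since the commit history already records the old value.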
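Review bot: The `ssl_mkit(&x509, &pkey, 2048, 0, 730)` call in the second hunk passes three bare positional literals, so a reader cannot tell which one is the key strength being raised. `ssl_mkit` is defined outside this diff; the arguments presumably mean key bits, serial number and validity in days, and a comment such as `// 2048-bit RSA key, serial 0, valid 730 days (confirm against ssl_mkit)` or named constants would make that explicit. It is also worth checking which digest `ssl_mkit` signs the certificate with, since a larger key gains little if the signature still uses a weak hash; that cannot be seen from this hunk.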