3 @@ -1005,6 +1005,16 @@ listen_sslctx_setup(void* ctxt)
4 log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
7 +#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
8 + /* ignore errors when peers do not send the mandatory close_notify
10 + * Relevant for openssl >= 3 */
11 + if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
12 + SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
13 + log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
18 if((SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) &
19 SSL_OP_CIPHER_SERVER_PREFERENCE) !=
20 @@ -1233,6 +1243,17 @@ void* connect_sslctx_create(char* key, c
25 +#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
26 + /* ignore errors when peers do not send the mandatory close_notify
27 + * alert on shutdown.
28 + * Relevant for openssl >= 3 */
29 + if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
30 + SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
31 + log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
37 if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) {