Preventing older insecure version of TLS/SSL
parent
2849f76f31
commit
4d3cf2c626
|
@ -393,6 +393,9 @@ SecureSocket::initContext(bool server)
|
||||||
SSL_METHOD* m = const_cast<SSL_METHOD*>(method);
|
SSL_METHOD* m = const_cast<SSL_METHOD*>(method);
|
||||||
m_ssl->m_context = SSL_CTX_new(m);
|
m_ssl->m_context = SSL_CTX_new(m);
|
||||||
|
|
||||||
|
//Prevent the usage of of all version prior to TLSv1.2 as they are known to be vulnerable
|
||||||
|
SSL_CTX_set_options(m_ssl->m_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
|
||||||
|
|
||||||
if (m_ssl->m_context == NULL) {
|
if (m_ssl->m_context == NULL) {
|
||||||
showError();
|
showError();
|
||||||
}
|
}
|
||||||
|
@ -848,7 +851,7 @@ SecureSocket::showSecureConnectInfo()
|
||||||
SSL_CIPHER_description(cipher, msg, kMsgSize);
|
SSL_CIPHER_description(cipher, msg, kMsgSize);
|
||||||
LOG((CLOG_DEBUG "openssl cipher: %s", msg));
|
LOG((CLOG_DEBUG "openssl cipher: %s", msg));
|
||||||
|
|
||||||
LOG((CLOG_INFO "network encryption protocol: %s", SSL_CIPHER_get_version(cipher)));
|
LOG((CLOG_INFO "network encryption protocol: %s", SSL_get_version(m_ssl->m_ssl)));
|
||||||
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
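Review bot: In the `SecureSocket::initContext` hunk, the new `SSL_CTX_set_options(m_ssl->m_context, ...)` call runs before the existing `if (m_ssl->m_context == NULL)` check, so a failed `SSL_CTX_new` hands a null context to OpenSSL and would most likely crash before `showError()` is reached. Move the call below the check and guard it, e.g. `if (m_ssl->m_context != NULL) { SSL_CTX_set_options(m_ssl->m_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); }`; whether `showError()` returns or throws is not visible here, and the function body continues outside the hunk. If the build targets OpenSSL 1.1.0 or later, `SSL_CTX_set_min_proto_version(m_ssl->m_context, TLS1_2_VERSION)` expresses the same floor directly and returns a status that can be checked, so a minimum that was not applied does not go unnoticed. The added comment also has a doubled word; `// Refuse every protocol version older than TLSv1.2; they have known weaknesses` reads more cleanly.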