SslConnection allows TLSv1.2 only

master
dmatetelki 9 years ago
parent 11f1df7a99
commit 80b1ad5773

@ -186,12 +186,17 @@ bool SslConnection::initServerContext( const std::string certificateFile,
{ {
TRACE; TRACE;
m_sslContext = SSL_CTX_new (SSLv3_method ()); m_sslContext = SSL_CTX_new (TLSv1_2_server_method ());
if ( m_sslContext == NULL ) { if ( m_sslContext == NULL ) {
LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() ); LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
return false; return false;
} }
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1_1);
if ( !loadCertificates(certificateFile, privateKeyFile) ) if ( !loadCertificates(certificateFile, privateKeyFile) )
return false; return false;
@ -203,12 +208,17 @@ bool SslConnection::initClientContext()
{ {
TRACE; TRACE;
m_sslContext = SSL_CTX_new (SSLv3_method ()); m_sslContext = SSL_CTX_new (TLSv1_2_client_method ());
if ( m_sslContext == NULL ) { if ( m_sslContext == NULL ) {
LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() ); LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
return false; return false;
} }
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1);
SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1_1);
return initHandle(); return initHandle();
} }
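Review bot: The fixed-version methods `TLSv1_2_server_method()` and `TLSv1_2_client_method()` used in initServerContext and initClientContext pin the context to exactly TLS 1.2, so the four `SSL_OP_NO_*` calls after each have nothing left to disable, and a newer protocol version supported by the library can never be negotiated. A version-flexible method with the same options makes TLS 1.2 a floor rather than a ceiling: `m_sslContext = SSL_CTX_new (SSLv23_server_method ());` (`SSLv23_client_method ()` on the client side), with the options set in one call, `SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);`. On OpenSSL 1.1.0 and later the equivalent is `TLS_server_method()` / `TLS_client_method()` plus `SSL_CTX_set_min_proto_version(m_sslContext, TLS1_2_VERSION)`. Separately, the visible lines of initClientContext contain no peer-verification setup (`SSL_CTX_set_verify` with `SSL_VERIFY_PEER` and a trust store); that may be done in initHandle(), which is not shown here, and is worth confirming, since limiting the protocol version does not authenticate the server. The body of initServerContext continues past the end of its hunk.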
