github
/
aria2
mirror of https://github.com/aria2/aria2
1
0
Fork 0
Code Issues Releases Wiki Activity

LibsslTLSContext: Disable SSLv3 and enable ECDHE cipher suites

pull/311/head
Tatsuhiro Tsujikawa 2014-11-29 19:32:32 +09:00
parent bb6fae2f00
commit 71d8424318
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/LibsslTLSContext.cc
View File

@ -100,8 +100,9 @@ OpenSSLTLSContext::OpenSSLTLSContext(TLSSessionSide side)
ERR_error_string(ERR_get_error(), nullptr))); ERR_error_string(ERR_get_error(), nullptr)));
return; return;
} }
// Disable SSLv2 and enable all workarounds for buggy servers // Disable SSLv2/3 and enable all workarounds for buggy servers
SSL_CTX_set_options(sslCtx_, SSL_OP_ALL | SSL_OP_NO_SSLv2 SSL_CTX_set_options(sslCtx_, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
| SSL_OP_SINGLE_ECDH_USE
#ifdef SSL_OP_NO_COMPRESSION #ifdef SSL_OP_NO_COMPRESSION
| SSL_OP_NO_COMPRESSION | SSL_OP_NO_COMPRESSION
#endif // SSL_OP_NO_COMPRESSION #endif // SSL_OP_NO_COMPRESSION
@ -117,6 +118,15 @@ OpenSSLTLSContext::OpenSSLTLSContext(TLSSessionSide side)
A2_LOG_ERROR(fmt("SSL_CTX_set_cipher_list() failed. Cause: %s", A2_LOG_ERROR(fmt("SSL_CTX_set_cipher_list() failed. Cause: %s",
ERR_error_string(ERR_get_error(), nullptr))); ERR_error_string(ERR_get_error(), nullptr)));
} }
auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if(ecdh == nullptr) {
A2_LOG_WARN(fmt("Failed to enable ECDHE cipher suites. Cause: %s",
ERR_error_string(ERR_get_error(), nullptr)));
} else {
SSL_CTX_set_tmp_ecdh(sslCtx_, ecdh);
EC_KEY_free(ecdh);
}
} }
OpenSSLTLSContext::~OpenSSLTLSContext() OpenSSLTLSContext::~OpenSSLTLSContext()