diff options
| author | Jose <jose@zeroc.com> | 2017-03-27 17:44:39 +0200 |
|---|---|---|
| committer | Jose <jose@zeroc.com> | 2017-03-27 17:44:39 +0200 |
| commit | b18cce8da2ccb1d541b226450d13663d6f442b1c (patch) | |
| tree | 81afdb344081362511dc73381df89f5face0713c /cpp/src/IceSSL/SChannelEngine.cpp | |
| parent | Potential fix for IceDiscovery/simple test failure on Windows CI VMs (diff) | |
| download | ice-b18cce8da2ccb1d541b226450d13663d6f442b1c.tar.bz2 ice-b18cce8da2ccb1d541b226450d13663d6f442b1c.tar.xz ice-b18cce8da2ccb1d541b226450d13663d6f442b1c.zip | |
Fix (ICE-7708) - Add property to enable Schannel SCH_USE_STRONG_CRYPTO
Diffstat (limited to 'cpp/src/IceSSL/SChannelEngine.cpp')
| -rw-r--r-- | cpp/src/IceSSL/SChannelEngine.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp index f5bdb3fbd6b..f4a5ce68e6d 100644 --- a/cpp/src/IceSSL/SChannelEngine.cpp +++ b/cpp/src/IceSSL/SChannelEngine.cpp @@ -564,7 +564,8 @@ algorithmId(const string& name) SChannel::SSLEngine::SSLEngine(const CommunicatorPtr& communicator) : IceSSL::SSLEngine(communicator), _rootStore(0), - _chainEngine(0) + _chainEngine(0), + _strongCrypto(false) { } @@ -593,6 +594,8 @@ SChannel::SSLEngine::initialize() const_cast<DWORD&>(_protocols) = parseProtocols(properties->getPropertyAsListWithDefault(prefix + "Protocols", defaultProtocols)); + const_cast<bool&>(_strongCrypto) = properties->getPropertyAsIntWithDefault(prefix + "SchannelStrongCrypto", 0) > 0; + // // Check for a default directory. We look in this directory for // files mentioned in the configuration. @@ -1129,6 +1132,11 @@ SChannel::SSLEngine::newCredentialsHandle(bool incoming) cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK | SCH_CRED_NO_DEFAULT_CREDS; } + if(_strongCrypto) + { + cred.dwFlags |= SCH_USE_STRONG_CRYPTO; + } + if(!_ciphers.empty()) { cred.cSupportedAlgs = static_cast<DWORD>(_ciphers.size()); |