Fix (ICE-7708) - Add property to enable Schannel SCH_USE_STRONG_CRYPTO

4 files changed, 14 insertions, 3 deletions

diff --git a/cpp/src/Ice/PropertyNames.cpp b/cpp/src/Ice/PropertyNames.cpp
index 527d7e84d6d..e44b6b2ea2a 100644
--- a/cpp/src/Ice/PropertyNames.cpp
+++ b/cpp/src/Ice/PropertyNames.cpp
@@ -6,7 +6,7 @@
 // ICE_LICENSE file included in this distribution.
 //
 // **********************************************************************
-// Generated by makeprops.py from file ./config/PropertyNames.xml, Thu Mar 23 15:24:16 2017
+// Generated by makeprops.py from file ..\config\PropertyNames.xml, Mon Mar 27 16:51:58 2017
 
 // IMPORTANT: Do not edit this file -- any edits made here will be lost!
 
@@ -1065,6 +1065,7 @@ const IceInternal::Property IceSSLPropsData[] =
     IceInternal::Property("IceSSL.ProtocolVersionMax", false, 0),
     IceInternal::Property("IceSSL.ProtocolVersionMin", false, 0),
     IceInternal::Property("IceSSL.Random", false, 0),
+    IceInternal::Property("IceSSL.SchannelStrongCrypto", false, 0),
     IceInternal::Property("IceSSL.Trace.Security", false, 0),
     IceInternal::Property("IceSSL.TrustOnly", false, 0),
     IceInternal::Property("IceSSL.TrustOnly.Client", false, 0),
diff --git a/cpp/src/Ice/PropertyNames.h b/cpp/src/Ice/PropertyNames.h
index 485d4afaaa1..2e448162df5 100644
--- a/cpp/src/Ice/PropertyNames.h
+++ b/cpp/src/Ice/PropertyNames.h
@@ -6,7 +6,7 @@
 // ICE_LICENSE file included in this distribution.
 //
 // **********************************************************************
-// Generated by makeprops.py from file ./config/PropertyNames.xml, Thu Mar 23 15:24:16 2017
+// Generated by makeprops.py from file ..\config\PropertyNames.xml, Mon Mar 27 16:51:58 2017
 
 // IMPORTANT: Do not edit this file -- any edits made here will be lost!
 
diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp
index f5bdb3fbd6b..f4a5ce68e6d 100644
--- a/cpp/src/IceSSL/SChannelEngine.cpp
+++ b/cpp/src/IceSSL/SChannelEngine.cpp
@@ -564,7 +564,8 @@ algorithmId(const string& name)
 SChannel::SSLEngine::SSLEngine(const CommunicatorPtr& communicator) :
     IceSSL::SSLEngine(communicator),
     _rootStore(0),
-    _chainEngine(0)
+    _chainEngine(0),
+    _strongCrypto(false)
 {
 }
 
@@ -593,6 +594,8 @@ SChannel::SSLEngine::initialize()
     const_cast<DWORD&>(_protocols) =
         parseProtocols(properties->getPropertyAsListWithDefault(prefix + "Protocols", defaultProtocols));
 
+    const_cast<bool&>(_strongCrypto) = properties->getPropertyAsIntWithDefault(prefix + "SchannelStrongCrypto", 0) > 0;
+
     //
     // Check for a default directory. We look in this directory for
     // files mentioned in the configuration.
@@ -1129,6 +1132,11 @@ SChannel::SSLEngine::newCredentialsHandle(bool incoming)
         cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK | SCH_CRED_NO_DEFAULT_CREDS;
     }
 
+    if(_strongCrypto)
+    {
+        cred.dwFlags |= SCH_USE_STRONG_CRYPTO;
+    }
+
     if(!_ciphers.empty())
     {
         cred.cSupportedAlgs = static_cast<DWORD>(_ciphers.size());
diff --git a/cpp/src/IceSSL/SChannelEngine.h b/cpp/src/IceSSL/SChannelEngine.h
index e37d42b83a2..8b346158b28 100644
--- a/cpp/src/IceSSL/SChannelEngine.h
+++ b/cpp/src/IceSSL/SChannelEngine.h
@@ -115,6 +115,8 @@ private:
 
     HCERTCHAINENGINE _chainEngine;
     std::vector<ALG_ID> _ciphers;
+
+    const bool _strongCrypto;
 };
 
 }