author | Mark Spruiell <mes@zeroc.com> | 2003-01-29 23:19:33 +0000 |
---|---|---|
committer | Mark Spruiell <mes@zeroc.com> | 2003-01-29 23:19:33 +0000 |
commit | f33050f80e1e03187ad2972b1d7bf746f4f04527 (patch) | |
tree | f66b736fc5a5c08665a3420f2e4701fc8d83f353 /cpp/src | |
parent | dsacert is not a valid child of tempcerts; removing SSLv2 (diff) | |
disable SSLv2
Diffstat (limited to 'cpp/src')
-rw-r--r-- | cpp/src/IceSSL/Context.cpp | 15 | ||||
-rw-r--r-- | cpp/src/IceSSL/GeneralConfig.cpp | 6 | ||||
-rw-r--r-- | cpp/src/IceSSL/OpenSSL.h | 3 |
3 files changed, 8 insertions, 16 deletions
diff --git a/cpp/src/IceSSL/Context.cpp b/cpp/src/IceSSL/Context.cpp
index 611af358085..657ad84b4e7 100644
--- a/cpp/src/IceSSL/Context.cpp
+++ b/cpp/src/IceSSL/Context.cpp
@@ -105,12 +105,15 @@ IceSSL::Context::setRSAKeys(const Ice::ByteSeq& privateKey, const Ice::ByteSeq&
 void
 IceSSL::Context::configure(const GeneralConfig& generalConfig,
- const CertificateAuthority& certificateAuthority,
- const BaseCertificates& baseCertificates)
+ const CertificateAuthority& certificateAuthority,
+ const BaseCertificates& baseCertificates)
 {
 // Create an SSL Context based on the context params.
 createContext(generalConfig.getProtocol());
+ // Enable workarounds and disable SSLv2.
+ SSL_CTX_set_options(_sslContext, SSL_OP_ALL|SSL_OP_NO_SSLv2);
+
 // Get the cipherlist and set it in the context.
 setCipherList(generalConfig.getCipherList());
@@ -122,7 +125,7 @@ IceSSL::Context::configure(const GeneralConfig& generalConfig,
 // Determine the number of retries the user gets on passphrase entry.
 string passphraseRetries = _properties->getPropertyWithDefault(_passphraseRetriesProperty,
- _maxPassphraseRetriesDefault);
+ _maxPassphraseRetriesDefault);
 int retries = atoi(passphraseRetries.c_str());
 retries = (retries < 0 ? 0 : retries);
 _maxPassphraseTries = retries + 1;
@@ -162,12 +165,6 @@ IceSSL::Context::getSslMethod(SslProtocol sslVersion)
 switch(sslVersion)
 {
- case SSL_V2 :
- {
- sslMethod = SSLv2_method();
- break;
- }
-
 case SSL_V23 :
 {
 sslMethod = SSLv23_method();
diff --git a/cpp/src/IceSSL/GeneralConfig.cpp b/cpp/src/IceSSL/GeneralConfig.cpp
index 62d688154b8..6e7f88e3cdc 100644
--- a/cpp/src/IceSSL/GeneralConfig.cpp
+++ b/cpp/src/IceSSL/GeneralConfig.cpp
@@ -106,11 +106,7 @@ IceSSL::GeneralConfig::set(string& name, string& value)
 void
 IceSSL::GeneralConfig::parseVersion(string& value)
 {
- if(value.compare("SSLv2") == 0)
- {
- _sslVersion = SSL_V2;
- }
- else if(value.compare("SSLv23") == 0)
+ if(value.compare("SSLv23") == 0)
 {
 _sslVersion = SSL_V23;
 }
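Review bot: In Context::configure, the added `SSL_CTX_set_options(_sslContext, SSL_OP_ALL|SSL_OP_NO_SSLv2)` bundles every OpenSSL interoperability workaround into a call whose purpose is to disable SSLv2, and the comment does not say which workaround is actually needed. SSL_OP_ALL is a version-dependent mask, and in OpenSSL releases it has included SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which turns off the CBC countermeasure for SSLv3/TLSv1, so this hardening change also relaxes something. I would set only `SSL_OP_NO_SSLv2` here, or name the specific workaround bits the supported peers require. The comment could then read `// Disable SSLv2; SSLv23_method() would otherwise still negotiate it.` The body of configure continues outside the hunk.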
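Review bot: In GeneralConfig::parseVersion, a configuration that still says `SSLv2` now falls through to whatever the end of the if/else chain does, and that branch is outside the hunk. If it assigns a default protocol or ignores the value, an old configuration is silently reinterpreted instead of being refused. It would be clearer to reject the value explicitly and log the reason. A comment above the chain such as `// "SSLv2" is no longer accepted; Context::configure sets SSL_OP_NO_SSLv2.` would document the removal.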
diff --git a/cpp/src/IceSSL/OpenSSL.h b/cpp/src/IceSSL/OpenSSL.h
index 16613db2bdf..15b25756b1b 100644
--- a/cpp/src/IceSSL/OpenSSL.h
+++ b/cpp/src/IceSSL/OpenSSL.h
@@ -32,8 +32,7 @@ typedef enum
 enum SslProtocol
 {
- SSL_V2 = 1, // Only speak SSLv2
- SSL_V23, // Speak SSLv2 and SSLv3
+ SSL_V23 = 1, // Speak SSLv3 and TLSv1
 SSL_V3, // Only speak SSLv3
 TLS_V1 // Only speak TLSv1
 }; |
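Review bot: Removing `SSL_V2` renumbers the remaining enumerators in SslProtocol: `SSL_V23` takes the value 1 that used to mean SSLv2 only, and `SSL_V3` and `TLS_V1` each drop by one. If any code or stored setting relies on the numeric values (not visible here), its meaning shifts without a compile error. Pinning the values avoids that, for example `SSL_V23 = 2, // 1 was SSL_V2, retired`. The new comment `Speak SSLv3 and TLSv1` holds only because Context::configure sets SSL_OP_NO_SSLv2 on the context, so the comment should say so.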