Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00
Code Releases Activity

Disable old and unsecure ciphers in TLS driver

Browse Source 
Disable:
- export ciphers - broken by design, 40 and 56 bit encryption
- low encryption ciphers - 56 and 64 bit encryption
- SSLv2 ciphers - some ciphers using MD5 MAC
This commit is contained in:
Janusz Dziemidowicz 2012-07-18 22:00:58 +02:00
parent e06c1c49c1
commit d2d51381ec
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/tls/tls_drv.c
View File

@ -44,6 +44,8 @@ typedef unsigned __int32 uint32_t;
#define SSL_OP_NO_TICKET 0 #define SSL_OP_NO_TICKET 0
#endif #endif
#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
/* /*
* R15B changed several driver callbacks to use ErlDrvSizeT and * R15B changed several driver callbacks to use ErlDrvSizeT and
* ErlDrvSSizeT typedefs instead of int. * ErlDrvSSizeT typedefs instead of int.
@ -356,6 +358,8 @@ static ErlDrvSSizeT tls_drv_control(ErlDrvData handle,
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET); SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
SSL_CTX_set_cipher_list(ctx, CIPHERS);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_default_verify_paths(ctx); SSL_CTX_set_default_verify_paths(ctx);
#ifdef SSL_MODE_RELEASE_BUFFERS #ifdef SSL_MODE_RELEASE_BUFFERS