mirror of
https://github.com/processone/ejabberd.git
synced 2024-10-31 15:21:38 +01:00
Disable old and unsecure ciphers in TLS driver
Disable: - export ciphers - broken by design, 40 and 56 bit encryption - low encryption ciphers - 56 and 64 bit encryption - SSLv2 ciphers - some ciphers using MD5 MAC
This commit is contained in:
parent
e1f8233d08
commit
df72de96ae
@ -44,6 +44,8 @@ typedef unsigned __int32 uint32_t;
|
||||
#define SSL_OP_NO_TICKET 0
|
||||
#endif
|
||||
|
||||
#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
|
||||
|
||||
/*
|
||||
* R15B changed several driver callbacks to use ErlDrvSizeT and
|
||||
* ErlDrvSSizeT typedefs instead of int.
|
||||
@ -354,6 +356,8 @@ static ErlDrvSSizeT tls_drv_control(ErlDrvData handle,
|
||||
res = SSL_CTX_check_private_key(ctx);
|
||||
die_unless(res > 0, "SSL_CTX_check_private_key failed");
|
||||
|
||||
SSL_CTX_set_cipher_list(ctx, CIPHERS);
|
||||
|
||||
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
|
||||
SSL_CTX_set_default_verify_paths(ctx);
|
||||
#ifdef SSL_MODE_RELEASE_BUFFERS
|
||||
|
Loading…
Reference in New Issue
Block a user