Add ssl support for peer connections.

src/PeerDoor.cpp

@@ -14,23 +14,35 @@ using namespace std;
 using namespace boost::asio::ip;
 
 // Generate DH for SSL connection.
-static DH* handleTmpDh(SSL* ssl, int is_export, int keylength)
+static DH* handleTmpDh(SSL* ssl, int is_export, int iKeyLength)
 {
-	// We don't care if for export or what length was requested.  Always do 512.
-	static DH*	mDh512 = 0;
+	// We don't care if for export.
+	static DH*	sdh512	= 0;
+	static DH*	sdh1024 = 0;
 
-	if (!mDh512)
+	if (!sdh512 && 512 == iKeyLength)
 	{
 		int	iCodes;
 
 		do {
-			mDh512	= DH_generate_parameters(512, DH_GENERATOR_5, NULL, NULL);
+			sdh512	= DH_generate_parameters(512, DH_GENERATOR_5, NULL, NULL);
 			iCodes	= 0;
-			DH_check(mDh512, &iCodes);
+			DH_check(sdh512, &iCodes);
 		} while (iCodes & (DH_CHECK_P_NOT_PRIME|DH_CHECK_P_NOT_SAFE_PRIME|DH_UNABLE_TO_CHECK_GENERATOR|DH_NOT_SUITABLE_GENERATOR));
 	}
 
-	return mDh512;
+	if (!sdh1024 && 512 != iKeyLength)
+	{
+		int	iCodes;
+
+		do {
+			sdh1024	= DH_generate_parameters(1024, DH_GENERATOR_5, NULL, NULL);
+			iCodes	= 0;
+			DH_check(sdh1024, &iCodes);
+		} while (iCodes & (DH_CHECK_P_NOT_PRIME|DH_CHECK_P_NOT_SAFE_PRIME|DH_UNABLE_TO_CHECK_GENERATOR|DH_NOT_SUITABLE_GENERATOR));
+	}
+
+	return 512 == iKeyLength ? sdh512 : sdh1024;
 }
 
 PeerDoor::PeerDoor(boost::asio::io_service& io_service) :
@@ -43,7 +55,8 @@ PeerDoor::PeerDoor(boost::asio::io_service& io_service) :
 		| boost::asio::ssl::context::single_dh_use);
 
 	SSL_CTX_set_tmp_dh_callback(mCtx.native_handle(), handleTmpDh);
-	SSL_CTX_set_cipher_list(mCtx.native_handle(), "ALL:!LOW:!EXP:!MD5:@STRENGTH");
+	if (1 != SSL_CTX_set_cipher_list(mCtx.native_handle(), theConfig.PEER_SSL_CIPHER_LIST.c_str()))
+		std::runtime_error("Error setting cipher list (no valid ciphers).");
 
 	cerr << "Peer port: " << theConfig.PEER_IP << " " << theConfig.PEER_PORT << endl;