From 4b5fd956574ad27e640f293d7630d08cc87e0bb5 Mon Sep 17 00:00:00 2001
From: Mark Travis
Date: Wed, 15 Oct 2014 12:30:06 -0700
Subject: [PATCH] Disable SSLv3

---
 src/beast/beast/module/asio/http/HTTPClientType.cpp | 1 +
 src/ripple/common/impl/RippleSSLContext.cpp | 1 +
 .../examples/broadcast_server_tls/broadcast_server_handler.hpp | 1 +
 src/websocket/examples/echo_server_tls/echo_server_tls.cpp | 1 +
 src/websocket/examples/fuzzing_server_tls/fuzzing_server_tls.cpp | 1 +
 5 files changed, 5 insertions(+)

diff --git a/src/beast/beast/module/asio/http/HTTPClientType.cpp b/src/beast/beast/module/asio/http/HTTPClientType.cpp
index a25159c11..71d501ae2 100644
--- a/src/beast/beast/module/asio/http/HTTPClientType.cpp
+++ b/src/beast/beast/module/asio/http/HTTPClientType.cpp
@@ -238,6 +238,7 @@ public:
 m_context.set_default_verify_paths ();
 m_context.set_options (
 boost::asio::ssl::context::no_sslv2 |
+ boost::asio::ssl::context::no_sslv3 |
 boost::asio::ssl::context::single_dh_use |
 boost::asio::ssl::context::default_workarounds);
 //m_context.set_verify_mode (boost::asio::ssl::verify_peer);
diff --git a/src/ripple/common/impl/RippleSSLContext.cpp b/src/ripple/common/impl/RippleSSLContext.cpp
index 3c01e28a0..d3f2b4048 100644
--- a/src/ripple/common/impl/RippleSSLContext.cpp
+++ b/src/ripple/common/impl/RippleSSLContext.cpp
@@ -164,6 +164,7 @@ public:
 m_context.set_options (
 boost::asio::ssl::context::default_workarounds |
 boost::asio::ssl::context::no_sslv2 |
+ boost::asio::ssl::context::no_sslv3 |
 boost::asio::ssl::context::single_dh_use);
 SSL_CTX_set_tmp_dh_callback (
diff --git a/src/websocket/examples/broadcast_server_tls/broadcast_server_handler.hpp b/src/websocket/examples/broadcast_server_tls/broadcast_server_handler.hpp
index 3bb8868b4..13d13ea7c 100644
--- a/src/websocket/examples/broadcast_server_tls/broadcast_server_handler.hpp
+++ b/src/websocket/examples/broadcast_server_tls/broadcast_server_handler.hpp
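Review bot: In HTTPClientType.cpp the context line directly after the option list, `//m_context.set_verify_mode (boost::asio::ssl::verify_peer);`, is still commented out, so as far as this hunk shows the HTTP client context does not require the server certificate to verify. Dropping SSLv3 removes the protocol-downgrade path, but a client that accepts any certificate can still be intercepted on every TLS version, and `set_default_verify_paths ()` has no effect without a verify mode. The enclosing function starts and ends outside the hunk, so verification may be configured elsewhere; if it is not, restore `m_context.set_verify_mode (boost::asio::ssl::verify_peer);` together with a hostname check on the stream, or replace the dead line with a comment saying where verification is set.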
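Review bot: The option mask passed to `set_options` in RippleSSLContext.cpp is now one of five hand-written copies of the same flag list (HTTPClientType.cpp, with the flags in a different order, and the three websocket example servers hold the others), which is how one call site ends up missing a flag the next time a protocol version has to be retired. For the ripple and beast sites, consider defining the mask once, e.g. `static boost::asio::ssl::context::options const tlsOptions = boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::no_sslv3 | boost::asio::ssl::context::single_dh_use;`, and passing `tlsOptions` at both. A comment on that definition such as `// SSLv2 and SSLv3 are disabled; only TLS versions are negotiated` would record why the flags are there. The enclosing function continues outside the hunk.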
@@ -61,6 +61,7 @@ public:
 try {
 context->set_options(boost::asio::ssl::context::default_workarounds |
 boost::asio::ssl::context::no_sslv2 |
+ boost::asio::ssl::context::no_sslv3 |
 boost::asio::ssl::context::single_dh_use);
 context->set_password_callback(boost::bind(&type::get_password, this));
 context->use_certificate_chain_file("../../src/ssl/server.pem");
diff --git a/src/websocket/examples/echo_server_tls/echo_server_tls.cpp b/src/websocket/examples/echo_server_tls/echo_server_tls.cpp
index dcff70f7b..17672969d 100644
--- a/src/websocket/examples/echo_server_tls/echo_server_tls.cpp
+++ b/src/websocket/examples/echo_server_tls/echo_server_tls.cpp
@@ -50,6 +50,7 @@ public:
 try {
 context->set_options(boost::asio::ssl::context::default_workarounds |
 boost::asio::ssl::context::no_sslv2 |
+ boost::asio::ssl::context::no_sslv3 |
 boost::asio::ssl::context::single_dh_use);
 context->set_password_callback(boost::bind(&type::get_password, this));
 context->use_certificate_chain_file("../../src/ssl/server.pem");
diff --git a/src/websocket/examples/fuzzing_server_tls/fuzzing_server_tls.cpp b/src/websocket/examples/fuzzing_server_tls/fuzzing_server_tls.cpp
index e27bf65b1..574f2df89 100644
--- a/src/websocket/examples/fuzzing_server_tls/fuzzing_server_tls.cpp
+++ b/src/websocket/examples/fuzzing_server_tls/fuzzing_server_tls.cpp
@@ -52,6 +52,7 @@ public:
 try {
 context->set_options(boost::asio::ssl::context::default_workarounds |
 boost::asio::ssl::context::no_sslv2 |
+ boost::asio::ssl::context::no_sslv3 |
 boost::asio::ssl::context::single_dh_use);
 context->set_password_callback(boost::bind(&type::get_password, this));
 context->use_certificate_chain_file("../../src/ssl/server.pem");
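Review bot: The three example servers (broadcast_server_handler.hpp, echo_server_tls.cpp and fuzzing_server_tls.cpp) receive the new flag with no comment, and example code is what tends to be copied into real deployments. Add a line above each `context->set_options(` call such as `// Disable SSLv2 and SSLv3; only TLS versions are negotiated.` so the reason survives the copy. The same context lines load `../../src/ssl/server.pem` by relative path behind a password callback; if that file is a certificate bundled with the examples, a second comment stating that it is for testing only and must be replaced would be worth adding. Each `try` block continues outside its hunk.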