Merge pull request #5434
683dc40
Disable SSLv3 (in favor of TLS) for the RPC client and server. (Gregory Maxwell)
This commit is contained in:
commit
4b5b263ac0
@ -110,7 +110,7 @@ Object CallRPC(const string& strMethod, const Array& params)
|
|||||||
bool fUseSSL = GetBoolArg("-rpcssl", false);
|
bool fUseSSL = GetBoolArg("-rpcssl", false);
|
||||||
asio::io_service io_service;
|
asio::io_service io_service;
|
||||||
ssl::context context(io_service, ssl::context::sslv23);
|
ssl::context context(io_service, ssl::context::sslv23);
|
||||||
context.set_options(ssl::context::no_sslv2);
|
context.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
|
||||||
asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
|
asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
|
||||||
SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
|
SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
|
||||||
iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);
|
iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);
|
||||||
|
@ -597,7 +597,7 @@ void StartRPCThreads()
|
|||||||
|
|
||||||
if (fUseSSL)
|
if (fUseSSL)
|
||||||
{
|
{
|
||||||
rpc_ssl_context->set_options(ssl::context::no_sslv2);
|
rpc_ssl_context->set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
|
||||||
|
|
||||||
filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));
|
filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));
|
||||||
if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;
|
if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;
|
||||||
|
Loading…
Reference in New Issue
Block a user