Merge pull request #5434

683dc40 Disable SSLv3 (in favor of TLS) for the RPC client and server. (Gregory Maxwell)
This commit is contained in:
Wladimir J. van der Laan 2014-12-08 13:30:21 +01:00
commit 4b5b263ac0
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
2 changed files with 2 additions and 2 deletions

View File

@ -110,7 +110,7 @@ Object CallRPC(const string& strMethod, const Array& params)
bool fUseSSL = GetBoolArg("-rpcssl", false);
asio::io_service io_service;
ssl::context context(io_service, ssl::context::sslv23);
context.set_options(ssl::context::no_sslv2);
context.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);

View File

@ -597,7 +597,7 @@ void StartRPCThreads()
if (fUseSSL)
{
rpc_ssl_context->set_options(ssl::context::no_sslv2);
rpc_ssl_context->set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));
if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;