Merge pull request #5434
683dc40
Disable SSLv3 (in favor of TLS) for the RPC client and server. (Gregory Maxwell)
This commit is contained in:
commit
4b5b263ac0
@ -110,7 +110,7 @@ Object CallRPC(const string& strMethod, const Array& params)
|
||||
bool fUseSSL = GetBoolArg("-rpcssl", false);
|
||||
asio::io_service io_service;
|
||||
ssl::context context(io_service, ssl::context::sslv23);
|
||||
context.set_options(ssl::context::no_sslv2);
|
||||
context.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
|
||||
asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
|
||||
SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
|
||||
iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);
|
||||
|
@ -597,7 +597,7 @@ void StartRPCThreads()
|
||||
|
||||
if (fUseSSL)
|
||||
{
|
||||
rpc_ssl_context->set_options(ssl::context::no_sslv2);
|
||||
rpc_ssl_context->set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
|
||||
|
||||
filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));
|
||||
if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;
|
||||
|
Loading…
Reference in New Issue
Block a user