diff options
| author | Raymond Tau <raymondtau@gmail.com> | 2015-11-23 11:15:10 +0300 |
|---|---|---|
| committer | Raymond Tau <raymondtau@gmail.com> | 2015-11-23 11:15:10 +0300 |
| commit | 04b72873c79375fc9845e03f1d575d4891ea723f (patch) | |
| tree | 7dd1418d5c2cd1d0fa05648946729d66a546a184 /src/Cedar | |
| parent | 8b1b67faedaac1c84c54874aa50a1e89952915af (diff) | |
Fix the problem of the DisableSslVersions patch.
Diffstat (limited to 'src/Cedar')
| -rw-r--r-- | src/Cedar/Cedar.c | 2 | ||||
| -rw-r--r-- | src/Cedar/Cedar.h | 9 | ||||
| -rw-r--r-- | src/Cedar/Server.c | 10 |
3 files changed, 13 insertions, 8 deletions
diff --git a/src/Cedar/Cedar.c b/src/Cedar/Cedar.c index 49841778..9242ff5b 100644 --- a/src/Cedar/Cedar.c +++ b/src/Cedar/Cedar.c @@ -1803,6 +1803,8 @@ CEDAR *NewCedar(X *server_x, K *server_k) c->BuildInfo = CopyStr(tmp);
+ c->DisableSslVersions = SSL_OPT_DEFAULT;
+
return c;
}
diff --git a/src/Cedar/Cedar.h b/src/Cedar/Cedar.h index 4618c9c5..6bbfd1cc 100644 --- a/src/Cedar/Cedar.h +++ b/src/Cedar/Cedar.h @@ -415,8 +415,11 @@ #define NAME_SSL_VERSION_SSL_V2 "SSL_V2" // SSLv2
#define NAME_SSL_VERSION_SSL_V3 "SSL_V3" // SSLv3
#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_0" // TLS v1.0
-#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_1" // TLS v1.1
-#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_2" // TLS v1.2
+#define NAME_SSL_VERSION_TLS_V1_1 "TLS_V1_1" // TLS v1.1
+#define NAME_SSL_VERSION_TLS_V1_2 "TLS_V1_2" // TLS v1.2
+
+// OpenSSL SSL Context Option Flags default
+#define SSL_OPT_DEFAULT 0x0
//////////////////////////////////////////////////////////////////////
//
@@ -1065,7 +1068,7 @@ typedef struct CEDAR LOCK *FifoBudgetLock; // Fifo budget lock
UINT FifoBudget; // Fifo budget
bool AcceptOnlyTls; // Accept only TLS (Disable SSL)
- UINT DisableSslVersions = 0x0; // Bitmap of SSL Version to disable
+ UINT DisableSslVersions; // Bitmap of SSL Version to disable
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String
} CEDAR;
diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c index bfd14338..23c08593 100644 --- a/src/Cedar/Server.c +++ b/src/Cedar/Server.c @@ -6167,23 +6167,23 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f) UINT i;
for (i = 0;i < sslVersions->NumTokens;i++)
{
- if (strcmp(tmp, NAME_SSL_VERSION_SSL_V2))
+ if (strcmp(tmp, NAME_SSL_VERSION_SSL_V2)) {
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_SSL_V3))
+ if (strcmp(tmp, NAME_SSL_VERSION_SSL_V3)) {
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_0))
+ if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_0)) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_0;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_1))
+ if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_1)) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_1;
continue;
}
- if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_2))
+ if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_2)) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_2;
continue;
}
|