authordnobori <da.git@softether.co.jp>2014-10-22 20:00:30 +0400
committerdnobori <da.git@softether.co.jp>2014-10-22 20:00:30 +0400
commit2b3a4d0b757e3c46f175c0a0df66a84ffbe2b39c (patch)
tree10506fa43d54b301f0dc4ee70121c6250a43a4a4 /src/Mayaqua
parent10d4b2c43ddc9fcc2f318c76e3d66f11ef383fad (diff)
v4.11-9506-beta
Diffstat (limited to 'src/Mayaqua')
-rw-r--r--src/Mayaqua/Network.c36
-rw-r--r--src/Mayaqua/Network.h1
2 files changed, 35 insertions, 2 deletions
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index b09c6ee1..bf3231fb 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@@ -231,7 +231,7 @@ static LIST *host_ip_address_cache = NULL;
static bool disable_gethostname_by_accept = false;
-static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA";
+static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA";
static LIST *ip_clients = NULL;
static LIST *local_mac_list = NULL;
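Review bot: The new cipher string still places RC4-MD5, RC4-SHA and single-DES DES-CBC-SHA ahead of the added DHE-RSA-AES suites, so if NewSSLCtx really sets SSL_OP_CIPHER_SERVER_PREFERENCE (only its `#endif` is visible in a later hunk) the server will pick RC4-MD5 whenever a peer offers it and the forward-secret suites are rarely negotiated. Moving the DHE suites to the front, and dropping RC4 and single DES, would make the addition effective, e.g. `static const char *cipher_list = "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA DES-CBC3-SHA";`. The pointer is initialized from a string literal, so qualifying it `const` also documents that it must never be written through.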
@@ -243,6 +243,8 @@ static UINT rand_port_numbers[256] = {0};
static bool g_use_privateip_file = false;
static bool g_source_ip_validation_force_disable = false;
+static DH_CTX *dh_1024 = NULL;
+
typedef struct PRIVATE_IP_SUBNET
{
UINT Ip, Mask, Ip2;
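Review bot: The new `dh_1024` global has no comment stating who owns it or when it is valid, although later hunks show it created in InitNetwork, freed in FreeNetwork and read from TmpDhCallback without taking any lock. A one-line note next to the declaration would make that contract explicit: `// Shared DH group parameters returned by TmpDhCallback; created in InitNetwork, released in FreeNetwork, read-only in between`. The size in the name is a fact about DhNewGroup2 that the declaration itself does not enforce, so it is worth saying in the comment too.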
@@ -12772,7 +12774,14 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
{
if (sock->ServerMode)
{
- SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
+ if (sock->AcceptOnlyTls == false)
+ {
+ SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
+ }
+ else
+ {
+ SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_method());
+ }
Unlock(openssl_lock);
AddChainSslCertOnDirectory(ssl_ctx);
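Review bot: `TLSv1_method()` in the new else branch does more than the field comment "Accept only TLS (disable SSLv3)" promises: it pins the context to TLS 1.0 only, so clients that offer TLS 1.1 or 1.2 are rejected along with SSLv3. The usual way to exclude SSLv3 while keeping version negotiation is to stay on the SSLv23 method and clear the old protocols with options, e.g. `SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());` followed by `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` when AcceptOnlyTls is set. StartSSLEx begins before and continues after this hunk, so the surrounding lock handling is not visible here.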
@@ -17402,6 +17411,19 @@ void UnlockDnsCache()
UnlockList(DnsCache);
}
+// DH temp key callback
+DH *TmpDhCallback(SSL *ssl, int is_export, int keylength)
+{
+ DH *ret = NULL;
+
+ if (dh_1024 != NULL)
+ {
+ ret = dh_1024->dh;
+ }
+
+ return ret;
+}
+
// Create the SSL_CTX
struct ssl_ctx_st *NewSSLCtx(bool server_mode)
{
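Review bot: TmpDhCallback ignores both `is_export` and `keylength`, returning the same `dh_1024->dh` whatever size OpenSSL asks for, and the function has no comment describing that or the NULL case. The header comment should state the contract, for example: `// Returns the process-wide DH parameters regardless of the requested keylength; returns NULL (making DHE suites unavailable) if InitNetwork has not created dh_1024 or FreeNetwork has already released it`. Whether OpenSSL copies the returned DH or takes ownership of it decides if handing out a shared object is safe, so that assumption belongs in the comment as well. The callback is not declared `static` although the Network.h hunk adds no prototype for it; if nothing outside this file uses it, `static DH *TmpDhCallback(...)` would keep it out of the global namespace.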
@@ -17418,6 +17440,8 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
}
#endif // SSL_OP_CIPHER_SERVER_PREFERENCE
+ SSL_CTX_set_tmp_dh_callback(ctx, TmpDhCallback);
+
return ctx;
}
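Review bot: `SSL_CTX_set_tmp_dh_callback(ctx, TmpDhCallback)` is registered for every context, including those built with `server_mode` false, where a temporary-DH callback has no role. Guarding it with `if (server_mode)` would match the intent and avoid a reader wondering whether client contexts rely on it. A short comment such as `// Needed for the DHE-RSA suites in cipher_list; the parameters come from dh_1024` would also tie this line to the cipher-list change in the first hunk.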
@@ -17488,6 +17512,8 @@ void InitNetwork()
disable_cache = false;
+ dh_1024 = DhNewGroup2();
+
Zero(rand_port_numbers, sizeof(rand_port_numbers));
}
@@ -17852,6 +17878,12 @@ void SetCurrentGlobalIP(IP *ip, bool ipv6)
void FreeNetwork()
{
+ if (dh_1024 != NULL)
+ {
+ DhFree(dh_1024);
+ dh_1024 = NULL;
+ }
+
// Release of thread-related
FreeWaitThread();
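Review bot: The new block frees `dh_1024` before FreeWaitThread runs, so if any socket can still be in a TLS handshake while those threads are being collected, TmpDhCallback could read the freed parameters. Moving the `DhFree(dh_1024); dh_1024 = NULL;` block after the thread release, or documenting that no SSL context can be live at this point, closes that window. The assignment to NULL after DhFree is good practice; the same NULL-after-free discipline could be noted in a comment: `// Release last so no handshake in a draining thread can still reach it`.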
diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h
index d5a6c59d..60064852 100644
--- a/src/Mayaqua/Network.h
+++ b/src/Mayaqua/Network.h
@@ -305,6 +305,7 @@ struct SOCK
IP Reverse_MyServerGlobalIp; // Self global IP address when using the reverse socket
UINT Reverse_MyServerPort; // Self port number when using the reverse socket
UCHAR Ssl_Init_Async_SendAlert[2]; // Initial state of SSL send_alert
+ bool AcceptOnlyTls; // Accept only TLS (disable SSLv3)
#ifdef ENABLE_SSL_LOGGING
// SSL Logging (for debug)