disable anonymnous cipher suites to match Windows and OSX behavior (#29893)

* disable anonymnous cipher suites to match Windows and OSX behavior
author: Tomas Weinfurt <tweinfurt@yahoo.com> 2018-06-01 19:29:58 +0300
committer: Marek Safar <marek.safar@gmail.com> 2018-06-19 12:33:12 +0300
commit: b3522b1f347f0252e48132952188078df74818e8 (patch)
tree: 92eb311de19d4ef104c40ad4356c11f25422071c
parent: f961cb775cdd1e71381e48721a5d94d1d53cbc39 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp b/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp
index 40de77cbc4..f93cdf3ced 100644
--- a/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp
+++ b/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp
@@ -510,7 +510,9 @@ CryptoNative_SslCtxSetCertVerifyCallback(SSL_CTX* ctx, SslCtxSetCertVerifyCallba
 // delimiter ":" is used to allow more than one strings
 // below string is corresponding to "AllowNoEncryption"
 #define SSL_TXT_Separator ":"
+#define SSL_TXT_Exclusion "!"
 #define SSL_TXT_AllIncludingNull SSL_TXT_ALL SSL_TXT_Separator SSL_TXT_eNULL
+#define SSL_TXT_NotAnon SSL_TXT_Separator SSL_TXT_Exclusion SSL_TXT_aNULL
 
 extern "C" int32_t CryptoNative_SetEncryptionPolicy(SSL_CTX* ctx, EncryptionPolicy policy)
 {
@@ -518,7 +520,7 @@ extern "C" int32_t CryptoNative_SetEncryptionPolicy(SSL_CTX* ctx, EncryptionPoli
     switch (policy)
     {
         case EncryptionPolicy::RequireEncryption:
-            cipherString = SSL_TXT_ALL;
+            cipherString = SSL_TXT_ALL SSL_TXT_NotAnon;
             break;
 
         case EncryptionPolicy::AllowNoEncryption:
author	Tomas Weinfurt <tweinfurt@yahoo.com>	2018-06-01 19:29:58 +0300
committer	Marek Safar <marek.safar@gmail.com>	2018-06-19 12:33:12 +0300
commit	b3522b1f347f0252e48132952188078df74818e8 (patch)
tree	92eb311de19d4ef104c40ad4356c11f25422071c
parent	f961cb775cdd1e71381e48721a5d94d1d53cbc39 (diff)