diff options
author | Tomas Weinfurt <tweinfurt@yahoo.com> | 2018-06-01 19:29:58 +0300 |
---|---|---|
committer | Marek Safar <marek.safar@gmail.com> | 2018-06-19 12:33:12 +0300 |
commit | b3522b1f347f0252e48132952188078df74818e8 (patch) | |
tree | 92eb311de19d4ef104c40ad4356c11f25422071c | |
parent | f961cb775cdd1e71381e48721a5d94d1d53cbc39 (diff) |
disable anonymnous cipher suites to match Windows and OSX behavior (#29893)
* disable anonymnous cipher suites to match Windows and OSX behavior
-rw-r--r-- | src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp b/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp index 40de77cbc4..f93cdf3ced 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp @@ -510,7 +510,9 @@ CryptoNative_SslCtxSetCertVerifyCallback(SSL_CTX* ctx, SslCtxSetCertVerifyCallba // delimiter ":" is used to allow more than one strings // below string is corresponding to "AllowNoEncryption" #define SSL_TXT_Separator ":" +#define SSL_TXT_Exclusion "!" #define SSL_TXT_AllIncludingNull SSL_TXT_ALL SSL_TXT_Separator SSL_TXT_eNULL +#define SSL_TXT_NotAnon SSL_TXT_Separator SSL_TXT_Exclusion SSL_TXT_aNULL extern "C" int32_t CryptoNative_SetEncryptionPolicy(SSL_CTX* ctx, EncryptionPolicy policy) { @@ -518,7 +520,7 @@ extern "C" int32_t CryptoNative_SetEncryptionPolicy(SSL_CTX* ctx, EncryptionPoli switch (policy) { case EncryptionPolicy::RequireEncryption: - cipherString = SSL_TXT_ALL; + cipherString = SSL_TXT_ALL SSL_TXT_NotAnon; break; case EncryptionPolicy::AllowNoEncryption: |