You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kg...@apache.org on 2014/10/20 15:07:15 UTC
svn commit: r1633146 - /qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp
Author: kgiusti
Date: Mon Oct 20 13:07:15 2014
New Revision: 1633146
URL: http://svn.apache.org/r1633146
Log:
QPID-6160: disable SSLv3 in CPP broker and client
Modified:
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp?rev=1633146&r1=1633145&r2=1633146&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp Mon Oct 20 13:07:15 2014
@@ -107,6 +107,16 @@ void initNSS(const SslOptions& options,
//use defaults for all args, TODO: may want to make this configurable
SSL_ConfigServerSessionIDCache(0, 0, 0, 0);
}
+
+ // disable SSLv2 and SSLv3 versions of the protocol - they are
+ // no longer considered secure
+ SSLVersionRange vrange;
+ const uint16_t tlsv1 = 0x0301; // Protocol version for TLSv1.0
+ NSS_CHECK(SSL_VersionRangeGetDefault(ssl_variant_stream, &vrange));
+ if (vrange.min < tlsv1) {
+ vrange.min = tlsv1;
+ NSS_CHECK(SSL_VersionRangeSetDefault(ssl_variant_stream, &vrange));
+ }
}
void shutdownNSS()
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org