authorKoichiro IWAO <meta@vmeta.jp>2018-03-03 12:17:27 +0900
committerKoichiro IWAO <meta@vmeta.jp>2018-03-18 21:14:06 +0900
commite3d0fd6d468fbbdd0265e09bec118d450d553512 (patch)
tree434f17248522c1a6227798563b14236d8c0c9c81
parent97c21bc97274096cd7cf50cf3f253f946a404259 (diff)
downloadxrdp-proprietary-e3d0fd6d468fbbdd0265e09bec118d450d553512.tar.gz
xrdp-proprietary-e3d0fd6d468fbbdd0265e09bec118d450d553512.zip
common: temporarily disable DHE
until it is possible to use DH parameters generated per installation.
-rw-r--r--common/ssl_calls.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/common/ssl_calls.c b/common/ssl_calls.c
index ccc0e70c..9347e411 100644
--- a/common/ssl_calls.c
+++ b/common/ssl_calls.c
@@ -492,6 +492,7 @@ see also
* https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
* https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3)
*/
+#if 0 /* temprarily disable DHE until make DH parameters not static */
DH *get_dh2236()
{
static unsigned char dh2236_p[] = {
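Review bot: The guard comment misspells "temporarily", and the same text is repeated on the second `#if 0` in ssl_tls_accept, so DHE is switched off by two independent literals that have to be flipped together when it is re-enabled. A single named guard macro, defined once near the top of the file and used at both sites, would keep the two regions in sync and make the disabled state searchable. The comment could read `/* temporarily disable DHE until DH parameters are generated per installation rather than compiled in */`, which also records why the fixed parameters in get_dh2236 are a concern. get_dh2236's body continues outside this hunk.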
@@ -538,6 +539,7 @@ DH *get_dh2236()
}
return dh;
}
+#endif
/*****************************************************************************/
struct ssl_tls *
@@ -646,6 +648,7 @@ ssl_tls_accept(struct ssl_tls *self, long ssl_protocols,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_options(self->ctx, options);
+#if 0 /* temprarily disable DHE until make DH parameters not static */
DH *dh = get_dh2236();
if (SSL_CTX_set_tmp_dh(self->ctx, dh) != 1)
{
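Review bot: With this `#if 0` in ssl_tls_accept, the only remaining source of ephemeral key exchange is the `SSL_CTX_set_ecdh_auto` call shown in the following hunk, and that call is compiled only when the macro is defined. On an OpenSSL build that lacks the macro (it first appeared in 1.0.2, as far as I know), neither DHE nor ECDHE would be configured, so sessions would presumably negotiate static RSA key exchange without forward secrecy. Consider an `#else` branch on that guard that configures a named curve through `SSL_CTX_set_tmp_ecdh`, or at least a comment beside the guard stating the minimum OpenSSL version now needed for forward secrecy. ssl_tls_accept starts and ends outside this hunk.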
@@ -653,6 +656,7 @@ ssl_tls_accept(struct ssl_tls *self, long ssl_protocols,
return 1;
}
DH_free(dh);
+#endif
#if defined(SSL_CTX_set_ecdh_auto)
SSL_CTX_set_ecdh_auto(self->ctx, 1);
#endif
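Review bot: The block being fenced off here returns on the `SSL_CTX_set_tmp_dh` failure path before reaching `DH_free(dh)`, so `dh` leaks on that path unless the one line hidden between this hunk and the previous one frees it. The code is now compiled out, but it will come back as-is when the `#if 0` is lifted, so it is worth fixing in place by adding `DH_free(dh);` just before `return 1;`. The return value of get_dh2236() is also passed to `SSL_CTX_set_tmp_dh` without a visible NULL check. The rest of ssl_tls_accept lies outside the hunk.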