new options for xrdp.ini disableSSlv3=yes and tls_ciphers=HIGH and code to implement

2 files changed, 11 insertions, 1 deletions

diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index 852a50bf..3cb075b3 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -160,6 +160,14 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
                 client_info->use_fast_path = 0;
             }
         }
+        else if (g_strcasecmp(item, "disableSSLv3") == 0)
+        {
+            client_info->disableSSLv3 = g_text2bool(value);
+        }
+        else if (g_strcasecmp(item, "tls_ciphers") == 0)
+        {
+            g_strcpy(client_info->tls_ciphers, value);
+        }
         else if (g_strcasecmp(item, "security_layer") == 0)
         {
             if (g_strcasecmp(value, "rdp") == 0)
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index a31190ca..d2101b60 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -2236,7 +2236,9 @@ xrdp_sec_incoming(struct xrdp_sec *self)
 
         if (trans_set_tls_mode(self->mcs_layer->iso_layer->trans,
                 self->rdp_layer->client_info.key_file,
-                self->rdp_layer->client_info.certificate) != 0)
+                self->rdp_layer->client_info.certificate,
+                self->rdp_layer->client_info.disableSSLv3,
+                self->rdp_layer->client_info.tls_ciphers) != 0)
         {
             g_writeln("xrdp_sec_incoming: trans_set_tls_mode failed");
             return 1;