diff options
| author | Koichiro IWAO <meta@vmeta.jp> | 2016-12-14 14:47:46 +0900 |
|---|---|---|
| committer | metalefty <meta@vmeta.jp> | 2017-02-27 14:17:25 +0900 |
| commit | c64e9992e6f3327e7167416fe55e0b56d6f99a58 (patch) | |
| tree | 214a9114375d7979a622830812d94450076a7010 /libxrdp | |
| parent | e94ab10e14edd2f6ca021cb2c77b9f9031665452 (diff) | |
| download | xrdp-proprietary-c64e9992e6f3327e7167416fe55e0b56d6f99a58.tar.gz xrdp-proprietary-c64e9992e6f3327e7167416fe55e0b56d6f99a58.zip | |
TLS: warn if no SSL/TLS protocols enabled
Diffstat (limited to 'libxrdp')
| -rw-r--r-- | libxrdp/xrdp_rdp.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index bdb552c8..e84ff95b 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -170,7 +170,7 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info) tmp = g_new(char, tmp_length); g_snprintf(tmp, tmp_length, "%s%s%s", " ", value, " "); - /* disable all protocols first, enable later */ + /* disable all protocols first, enable later */ client_info->ssl_protocols = SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; @@ -194,6 +194,14 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info) log_message(LOG_LEVEL_DEBUG, "SSLv3 enabled"); client_info->ssl_protocols &= ~SSL_OP_NO_SSLv3; } + + if (client_info->ssl_protocols == + (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2)) + { + log_message(LOG_LEVEL_WARNING, "No SSL/TLS protocols enabled. " + "At least one protocol should be enabled to accept " + "TLS connections."); + } } else if (g_strcasecmp(item, "tls_ciphers") == 0) { |