Diffstat (limited to 'common')
-rw-r--r--common/ssl_calls.c13
-rw-r--r--common/ssl_calls.h2
-rw-r--r--common/trans.c4
-rw-r--r--common/trans.h2
-rw-r--r--common/xrdp_client_info.h2
5 files changed, 12 insertions, 11 deletions
diff --git a/common/ssl_calls.c b/common/ssl_calls.c
index 0bae2f5e..9829a97b 100644
--- a/common/ssl_calls.c
+++ b/common/ssl_calls.c
@@ -535,7 +535,7 @@ ssl_tls_print_error(const char *func, SSL *connection, int value)
/*****************************************************************************/
int APP_CC
-ssl_tls_accept(struct ssl_tls *self, int disableSSLv3,
+ssl_tls_accept(struct ssl_tls *self, long ssl_protocols,
const char *tls_ciphers)
{
int connection_status;
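Review bot: The renamed parameter `ssl_protocols` in the new `ssl_tls_accept` signature reads like a set of enabled protocols, but the next hunk ORs it straight into `options`, so each set bit disables a protocol. A comment above the function would fix the polarity for callers, e.g. `/* ssl_protocols: mask of SSL_OP_NO_* bits; a set bit disables that protocol */`. The same gap appears at the `ssl_protocols` field in common/xrdp_client_info.h, which drops the old `/* 0 = no, 1 = yes */` comment without a replacement, and at the prototypes in ssl_calls.h and trans.h. The function body continues outside this hunk.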
@@ -544,13 +544,14 @@ ssl_tls_accept(struct ssl_tls *self, int disableSSLv3,
/**
* SSL_OP_NO_SSLv2
* SSLv3 is used by, eg. Microsoft RDC for Mac OS X.
- * No SSLv3 if disableSSLv3=yes so only tls used
*/
options |= SSL_OP_NO_SSLv2;
- if (disableSSLv3)
- {
- options |= SSL_OP_NO_SSLv3;
- }
+
+ /**
+ * Disable SSL protocols not listed in ssl_protocols.
+ */
+ options |= ssl_protocols;
+
#if defined(SSL_OP_NO_COMPRESSION)
/**
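Review bot: `options |= ssl_protocols;` merges an unchecked caller value into the OpenSSL option word, so any bit in it, not only a protocol-disable bit, ends up in the options that are applied later. Masking keeps the parameter to its stated purpose: `options |= ssl_protocols & (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);`. A value of 0 still leaves SSLv3 negotiable, as `disableSSLv3 = 0` did, so the code that fills this value (not visible here) should presumably default to setting `SSL_OP_NO_SSLv3`. The added comment "Disable SSL protocols not listed in ssl_protocols" is accurate only if the caller has already turned a configured allow-list into SSL_OP_NO_* bits, which is worth stating in the comment. The function starts and ends outside this hunk.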
diff --git a/common/ssl_calls.h b/common/ssl_calls.h
index 258e9848..c969ec43 100644
--- a/common/ssl_calls.h
+++ b/common/ssl_calls.h
@@ -96,7 +96,7 @@ struct ssl_tls
struct ssl_tls *APP_CC
ssl_tls_create(struct trans *trans, const char *key, const char *cert);
int APP_CC
-ssl_tls_accept(struct ssl_tls *self, int disableSSLv3,
+ssl_tls_accept(struct ssl_tls *self, long ssl_protocols,
const char *tls_ciphers);
int APP_CC
ssl_tls_disconnect(struct ssl_tls *self);
diff --git a/common/trans.c b/common/trans.c
index 4beaa56e..8f2c4376 100644
--- a/common/trans.c
+++ b/common/trans.c
@@ -882,7 +882,7 @@ trans_get_out_s(struct trans *self, int size)
/* returns error */
int APP_CC
trans_set_tls_mode(struct trans *self, const char *key, const char *cert,
- int disableSSLv3, const char *tls_ciphers)
+ long ssl_protocols, const char *tls_ciphers)
{
self->tls = ssl_tls_create(self, key, cert);
if (self->tls == NULL)
@@ -891,7 +891,7 @@ trans_set_tls_mode(struct trans *self, const char *key, const char *cert,
return 1;
}
- if (ssl_tls_accept(self->tls, disableSSLv3, tls_ciphers) != 0)
+ if (ssl_tls_accept(self->tls, ssl_protocols, tls_ciphers) != 0)
{
g_writeln("trans_set_tls_mode: ssl_tls_accept failed");
return 1;
diff --git a/common/trans.h b/common/trans.h
index 26d93dc2..fac1fcab 100644
--- a/common/trans.h
+++ b/common/trans.h
@@ -125,7 +125,7 @@ struct stream* APP_CC
trans_get_out_s(struct trans* self, int size);
int APP_CC
trans_set_tls_mode(struct trans *self, const char *key, const char *cert,
- int disableSSLv3, const char *tls_ciphers);
+ long ssl_protocols, const char *tls_ciphers);
int APP_CC
trans_shutdown_tls_mode(struct trans *self);
int APP_CC
diff --git a/common/xrdp_client_info.h b/common/xrdp_client_info.h
index 0ef03cfc..00a56472 100644
--- a/common/xrdp_client_info.h
+++ b/common/xrdp_client_info.h
@@ -143,7 +143,7 @@ struct xrdp_client_info
int use_frame_acks;
int max_unacknowledged_frame_count;
- int disableSSLv3; /* 0 = no, 1 = yes */
+ long ssl_protocols;
char tls_ciphers[64];
int client_os_major;