Diffstat (limited to 'libxrdp/xrdp_rdp.c')
-rw-r--r-- | libxrdp/xrdp_rdp.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index 5159ba5b..bdb552c8 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -18,6 +18,7 @@
 * rdp layer
 */
+#include <openssl/ssl.h>
 #include "libxrdp.h"
 #include "log.h"
@@ -44,6 +45,8 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 char *item = (char *)NULL;
 char *value = (char *)NULL;
 char cfg_file[256];
+ char *tmp = (char *)NULL;
+ int tmp_length = 0;
 /* initialize (zero out) local variables: */
 g_memset(cfg_file, 0, sizeof(char) * 256);
@@ -160,9 +163,37 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 client_info->use_fast_path = 0;
 }
 }
- else if (g_strcasecmp(item, "disableSSLv3") == 0)
+ else if (g_strcasecmp(item, "ssl_protocols") == 0)
 {
- client_info->disableSSLv3 = g_text2bool(value);
+ /* put leading/trailing space to properly detect "TLSv1" without regex */
+ tmp_length = g_strlen(value) + 3;
+ tmp = g_new(char, tmp_length);
+ g_snprintf(tmp, tmp_length, "%s%s%s", " ", value, " ");
+
+ /* disable all protocols first, enable later */
+ client_info->ssl_protocols =
+ SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
+
+ if (g_pos(tmp, " TLSv1.2 ") >= 0)
+ {
+ log_message(LOG_LEVEL_DEBUG, "TLSv1.2 enabled");
+ client_info->ssl_protocols &= ~SSL_OP_NO_TLSv1_2;
+ }
+ if (g_pos(tmp, " TLSv1.1 ") >= 0)
+ {
+ log_message(LOG_LEVEL_DEBUG, "TLSv1.1 enabled");
+ client_info->ssl_protocols &= ~SSL_OP_NO_TLSv1_1;
+ }
+ if (g_pos(tmp, " TLSv1 ") >= 0)
+ {
+ log_message(LOG_LEVEL_DEBUG, "TLSv1 enabled");
+ client_info->ssl_protocols &= ~SSL_OP_NO_TLSv1;
+ }
+ if (g_pos(tmp, " SSLv3 ") >= 0)
+ {
+ log_message(LOG_LEVEL_DEBUG, "SSLv3 enabled");
+ client_info->ssl_protocols &= ~SSL_OP_NO_SSLv3;
+ }
 }
 else if (g_strcasecmp(item, "tls_ciphers") == 0)
 {
|
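Review bot: In the new `ssl_protocols` branch, `tmp` is allocated with `g_new` each time the key is parsed and no `g_free(tmp);` appears in the hunk, so unless it is released further down in `xrdp_rdp_read_config` (the function continues outside the hunk) the buffer leaks; adding `g_free(tmp);` after the SSLv3 check would close that, and the `g_new` result is passed to `g_snprintf` without a visible NULL check. The token match is case-sensitive and space-delimited only, so a value such as `TLSv1.1,TLSv1.2` or `tlsv1.2` leaves every `SSL_OP_NO_*` bit set with nothing logged; a warning when no token matched would make that misconfiguration visible instead of surfacing later as failed handshakes. The old `disableSSLv3` key is no longer recognised, so an existing config that relied on it is now silently ignored; whether SSLv3 stays off in that case depends on the default of `client_info->ssl_protocols`, which is not visible here and is worth confirming and documenting.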