
Manage OpenSSL security level

Add the SslAcceptSettings options Override_Security_Level and Override_Security_Level_Value
to allow the user to choose the level.
Takuho NAKANO
2020-10-31 20:19:10 +01:00
committed by Davide Beatrici
parent 190672bd84
commit 7fdacec2a6
3 changed files with 23 additions and 0 deletions


@ -5747,6 +5747,16 @@ SSL_PIPE *NewSslPipeEx(bool server_mode, X *x, K *k, DH_CTX *dh, bool verify_pee
{
SSL_CTX_set_tmp_dh(ssl_ctx, dh->dh);
}
#if 0
// Cannot get config
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (sock->SslAcceptSettings.Override_Security_Level)
{
SSL_CTX_set_security_level(ssl_ctx, sock->SslAcceptSettings.Override_Security_Level_Value);
}
#endif
#endif
}
if (verify_peer)
@ -12138,6 +12148,13 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
}
#endif // SSL_OP_NO_TLSv1_3
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (sock->SslAcceptSettings.Override_Security_Level)
{
SSL_CTX_set_security_level(ssl_ctx, sock->SslAcceptSettings.Override_Security_Level_Value);
}
#endif
Unlock(openssl_lock);
AddChainSslCertOnDirectory(ssl_ctx);
Lock(openssl_lock);
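Review bot: In the StartSSLEx hunk, `Override_Security_Level_Value` is a UINT taken from configuration and passed straight to `SSL_CTX_set_security_level()`, which takes an `int` and documents levels 0 to 5, so an out-of-range or wrapped value is left to OpenSSL to interpret. Level 0 permits everything, which means this override can take the TLS configuration below the library default without leaving any trace; I would bound the value and log when the override is applied, e.g. `UINT lv = sock->SslAcceptSettings.Override_Security_Level_Value;`, `if (lv > 5) lv = 5;`, `SSL_CTX_set_security_level(ssl_ctx, (int)lv);`. The `#if 0` block in NewSslPipeEx refers to `sock`, which is not among the visible parameters, so contexts built there apparently keep the default level and the two paths can disagree; a `// TODO` comment stating that would serve better than disabled code. Both function bodies extend beyond the hunks shown.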


@ -148,6 +148,8 @@ struct SSL_ACCEPT_SETTINGS
bool Tls_Disable1_1;
bool Tls_Disable1_2;
bool Tls_Disable1_3;
bool Override_Security_Level;
UINT Override_Security_Level_Value;
};
// Socket
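Review bot: The two new fields of `SSL_ACCEPT_SETTINGS` carry no comment, and nothing here says what range `Override_Security_Level_Value` accepts or what it holds when the option is absent from the configuration. Suggested comments: `// Apply Override_Security_Level_Value with SSL_CTX_set_security_level()` on the bool and `// OpenSSL security level, 0-5; 0 permits everything` on the UINT. The struct begins outside the hunk, and the code that loads these fields from the configuration is not visible on this page, so whether the value is validated at load time cannot be confirmed from here.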