AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-07 00:04:57 +03:00
Code Releases Activity

Introduce DisableSslVersions.

Browse Source 
The SSL Versions specified will be disabled on server context.
This commit is contained in:
Raymond Tau
2015-11-10 00:55:24 +08:00
parent d3a1b26413
commit 8b1b67faed
5 changed files with 67 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/Cedar/Server.c
View File

@ -6157,6 +6157,39 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// AcceptOnlyTls
c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
if (c->AcceptOnlyTls) {
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
}
if (CfgGetStr(f, "DisableSslVersions", tmp, sizeof(tmp))) {
TOKEN_LIST *sslVersions= ParseToken(tmp, ", ");
UINT i;
for (i = 0;i < sslVersions->NumTokens;i++)
{
if (strcmp(tmp, NAME_SSL_VERSION_SSL_V2))
c->DisableSslVersions |= SSL_VERSION_SSL_V2;
continue;
}
if (strcmp(tmp, NAME_SSL_VERSION_SSL_V3))
c->DisableSslVersions |= SSL_VERSION_SSL_V3;
continue;
}
if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_0))
c->DisableSslVersions |= SSL_VERSION_TLS_V1_0;
continue;
}
if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_1))
c->DisableSslVersions |= SSL_VERSION_TLS_V1_1;
continue;
}
if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_2))
c->DisableSslVersions |= SSL_VERSION_TLS_V1_2;
continue;
}
}
FreeToken(sslVersions);
}
}
Unlock(c->lock);
@ -6467,6 +6500,8 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls);
CfgAddStr(f, "DisableSslVersions", c->DisableSslVersions);
// Disable session reconnect
CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));
}