AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00
Code Releases Activity

Merge pull request #217 from lewellyn/patch-1

Browse Source 
Default to TLS connections only
This commit is contained in:
Daiyuu Nobori 2016-11-27 17:25:15 +09:00 committed by GitHub
commit cc8fff4d81
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/Cedar/Server.c
View File

@ -2577,6 +2577,9 @@ void SiLoadInitialConfiguration(SERVER *s)
return;
}
// Default to TLS only; mitigates CVE-2016-0800
s->Cedar->AcceptOnlyTls = true;
// Auto saving interval related
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
s->BackupConfigOnlyWhenModified = true;
@ -2762,6 +2765,9 @@ void SiInitConfiguration(SERVER *s)
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
s->BackupConfigOnlyWhenModified = true;
// Default to TLS only; mitigates CVE-2016-0800
s->Cedar->AcceptOnlyTls = true;
// IPsec server
if (s->Cedar->Bridge == false)
{
@ -6156,8 +6162,15 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
SetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT, CfgGetBool(f, "DisableSessionReconnect"));
// AcceptOnlyTls
if (CfgIsItem(f, "AcceptOnlyTls"))
{
c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
}
else
{
c->AcceptOnlyTls = true;
}
}
Unlock(c->lock);
#ifdef OS_UNIX