AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-07 00:04:57 +03:00
Code Releases Activity

Merge PR #594: Remove SSLv3 support

Browse Source
This commit is contained in:
Davide Beatrici
2018-08-18 07:38:05 +02:00
committed by GitHub
parent 5f120e3c5e 02db806181
commit daed1ad8b3
22 changed files with 59 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Cedar/Server.c
View File

@ -2550,9 +2550,6 @@ void SiLoadInitialConfiguration(SERVER *s)
return;
}
// Default to TLS only; mitigates CVE-2016-0800
s->Cedar->SslAcceptSettings.AcceptOnlyTls = true;
// Auto saving interval related
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
s->BackupConfigOnlyWhenModified = true;
@ -6126,16 +6123,6 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// Disable session reconnect
SetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT, CfgGetBool(f, "DisableSessionReconnect"));
// AcceptOnlyTls
if (CfgIsItem(f, "AcceptOnlyTls"))
{
c->SslAcceptSettings.AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
}
else
{
// Default to TLS only; mitigates CVE-2016-0800
c->SslAcceptSettings.AcceptOnlyTls = true;
}
c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0");
c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1");
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
@ -6460,7 +6447,6 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp);
CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix);
CfgAddBool(f, "AcceptOnlyTls", c->SslAcceptSettings.AcceptOnlyTls);
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);