提交 835fae42 authored 作者: Brian West's avatar Brian West

Any browser (Firefox, Chrome, Opera) that can run Verto can do TLS1.2, We…

Any browser (Firefox, Chrome, Opera) that can run Verto can do TLS1.2. We shouldn't lower the bar when we don't need to.
上级 86f9029b
...@@ -150,6 +150,17 @@ static void verto_init_ssl(verto_profile_t *profile) ...@@ -150,6 +150,17 @@ static void verto_init_ssl(verto_profile_t *profile)
profile->ssl_ready = 1; profile->ssl_ready = 1;
assert(profile->ssl_ctx); assert(profile->ssl_ctx);
/* Disable SSLv2 */
SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_SSLv2);
/* Disable SSLv3 */
SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_SSLv3);
/* Disable TLSv1 */
SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_TLSv1);
/* Disable TLSv1_1 */
SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_TLSv1_1);
/* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_COMPRESSION);
/* set the local certificate from CertFile */ /* set the local certificate from CertFile */
if (!zstr(profile->chain)) { if (!zstr(profile->chain)) {
SSL_CTX_use_certificate_chain_file(profile->ssl_ctx, profile->chain); SSL_CTX_use_certificate_chain_file(profile->ssl_ctx, profile->chain);
......
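Review bot: The five added `SSL_CTX_set_options` calls only mask protocol versions, so whether this context ends up TLS 1.2-only depends on the method it was created with, and that line sits above this hunk in `verto_init_ssl`. If the context is still built from a fixed-version method such as `TLSv1_server_method()` (which the second file in this commit used before the change), masking TLSv1 would leave no protocol a client can negotiate, so it is worth confirming the profile uses `SSLv23_server_method()`. The options can also be set in one call, `SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_COMPRESSION);`, which keeps the protocol policy in one place. The function body starts before and continues after the hunk.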
...@@ -92,10 +92,20 @@ void init_ssl(void) { ...@@ -92,10 +92,20 @@ void init_ssl(void) {
OpenSSL_add_all_algorithms(); /* load & register cryptos */ OpenSSL_add_all_algorithms(); /* load & register cryptos */
SSL_load_error_strings(); /* load all error messages */ SSL_load_error_strings(); /* load all error messages */
ws_globals.ssl_method = TLSv1_server_method(); /* create server instance */ ws_globals.ssl_method = SSLv23_server_method(); /* create server instance */
ws_globals.ssl_ctx = SSL_CTX_new(ws_globals.ssl_method); /* create context */ ws_globals.ssl_ctx = SSL_CTX_new(ws_globals.ssl_method); /* create context */
assert(ws_globals.ssl_ctx); assert(ws_globals.ssl_ctx);
/* Disable SSLv2 */
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv2);
/* Disable SSLv3 */
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv3);
/* Disable TLSv1 */
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1);
/* Disable TLSv1_1 */
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1_1);
/* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_COMPRESSION);
/* set the local certificate from CertFile */ /* set the local certificate from CertFile */
SSL_CTX_use_certificate_file(ws_globals.ssl_ctx, ws_globals.cert, SSL_FILETYPE_PEM); SSL_CTX_use_certificate_file(ws_globals.ssl_ctx, ws_globals.cert, SSL_FILETYPE_PEM);
/* set the private key from KeyFile */ /* set the private key from KeyFile */
......
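Review bot: The added option calls operate on `globals.ssl_ctx`, while the context is created and asserted as `ws_globals.ssl_ctx` on the lines just above and used as `ws_globals.ssl_ctx` for the certificate below. Unless `globals` is an alias defined outside this hunk, this either fails to compile or leaves the SSLv2/SSLv3/TLSv1/TLSv1.1 and compression restrictions off the context that actually serves connections. That matters more after the switch to `SSLv23_server_method()`, because that method negotiates any version that has not been masked. Each call should name the same object as the rest of the function, e.g. `SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_SSLv2);`. `init_ssl` continues past the end of the hunk.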