kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FS-10406: [mod_sofia] mod_sofia secure websocket connections SSLv3 and tls v1.0 is still not disabled #resolve

This commit is contained in:
Brian West 2017-06-21 08:51:50 -05:00 committed by Mike Jerris
parent 3da50fc110
commit 637f3b6336
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/sofia-sip/.update
View File

@ -1 +1 @@
Tue Jun 6 09:36:46 CDT 2017
Tue Jul 11 12:51:40 EDT 2017

9
libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
View File

@ -390,6 +390,15 @@ static int tport_ws_init_primary_secure(tport_primary_t *pri,
goto done;
}
/* Disable SSLv2 */
SSL_CTX_set_options(wspri->ssl_ctx, SSL_OP_NO_SSLv2);
/* Disable SSLv3 */
SSL_CTX_set_options(wspri->ssl_ctx, SSL_OP_NO_SSLv3);
/* Disable TLSv1 */
SSL_CTX_set_options(wspri->ssl_ctx, SSL_OP_NO_TLSv1);
/* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
SSL_CTX_set_options(wspri->ssl_ctx, SSL_OP_NO_COMPRESSION);
if (chain) {
if ( !SSL_CTX_use_certificate_chain_file(wspri->ssl_ctx, chain) ) {
tls_log_errors(3, "tport_ws_init_primary_secure", 0);