aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2014-12-08 13:30:21 +0100
committerWladimir J. van der Laan <laanwj@gmail.com>2014-12-08 13:31:13 +0100
commit4b5b263ac0ee44fe432a713b444df9880cfce4a2 (patch)
tree0dd9278f51453adcedf1dfa6d5179a23547eccf6
parent053038e5ba116cb319fb85f3cb3e062cf1b3df15 (diff)
parent683dc4009b2b01699e672f8150c28e2ebe0aae19 (diff)
Merge pull request #5434
683dc40 Disable SSLv3 (in favor of TLS) for the RPC client and server. (Gregory Maxwell)
Diffstat
-rw-r--r--src/bitcoin-cli.cpp2
-rw-r--r--src/rpcserver.cpp2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/bitcoin-cli.cpp b/src/bitcoin-cli.cpp
index 1b638e99e9..ea349b197e 100644
--- a/src/bitcoin-cli.cpp
+++ b/src/bitcoin-cli.cpp
@@ -110,7 +110,7 @@ Object CallRPC(const string& strMethod, const Array& params)
bool fUseSSL = GetBoolArg("-rpcssl", false);
asio::io_service io_service;
ssl::context context(io_service, ssl::context::sslv23);
- context.set_options(ssl::context::no_sslv2);
+ context.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
index 90695611f2..252b0866a2 100644
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@@ -597,7 +597,7 @@ void StartRPCThreads()
if (fUseSSL)
{
- rpc_ssl_context->set_options(ssl::context::no_sslv2);
+ rpc_ssl_context->set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));
if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-01 08:05:10 +0000