diff options
author | Philip Kaufmann <phil.kaufmann@t-online.de> | 2013-10-17 16:11:25 +0200 |
---|---|---|
committer | Philip Kaufmann <phil.kaufmann@t-online.de> | 2013-10-17 16:11:25 +0200 |
commit | 1728bf0873590c6905e892044f9f87ee97ff3dbc (patch) | |
tree | 8c8c8b66351b6f24953532710ea5d0b09fce387c /src | |
parent | a5bba245a3a5fabd037b3812e9d987dfc94a8fcf (diff) |
update default -rpcsslciphers to include TLSv1.2
- this extends the accepted ciphersuites with TLSv1.2 ones
- also removes !AH, as I could not find documentation on it and the change
did not result in a changed ciphersuite list (checked via openssl
ciphers -v)
- closes #3096 (which also contains more details)
Diffstat (limited to 'src')
-rw-r--r-- | src/bitcoinrpc.cpp | 2 | ||||
-rw-r--r-- | src/init.cpp | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp index 798660dff3..2a9ced509c 100644 --- a/src/bitcoinrpc.cpp +++ b/src/bitcoinrpc.cpp @@ -809,7 +809,7 @@ void StartRPCThreads() if (filesystem::exists(pathPKFile)) rpc_ssl_context->use_private_key_file(pathPKFile.string(), ssl::context::pem); else LogPrintf("ThreadRPCServer ERROR: missing server private key file %s\n", pathPKFile.string().c_str()); - string strCiphers = GetArg("-rpcsslciphers", "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH"); + string strCiphers = GetArg("-rpcsslciphers", "TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH"); SSL_CTX_set_cipher_list(rpc_ssl_context->impl(), strCiphers.c_str()); } diff --git a/src/init.cpp b/src/init.cpp index 28ec409bae..48f4a0d006 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -258,7 +258,7 @@ std::string HelpMessage() strUsage += " -rpcssl " + _("Use OpenSSL (https) for JSON-RPC connections") + "\n"; strUsage += " -rpcsslcertificatechainfile=<file.cert> " + _("Server certificate file (default: server.cert)") + "\n"; strUsage += " -rpcsslprivatekeyfile=<file.pem> " + _("Server private key (default: server.pem)") + "\n"; - strUsage += " -rpcsslciphers=<ciphers> " + _("Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)") + "\n"; + strUsage += " -rpcsslciphers=<ciphers> " + _("Acceptable ciphers (default: TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH)") + "\n"; return strUsage; } |