Adapt programs to new RC4 default
parent
849b174e57
commit
d42b7c82ef
7 changed files with 34 additions and 17 deletions
|
@ -173,8 +173,6 @@ int main( void )
|
|||
|
||||
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
|
||||
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
|
||||
/* RC4 is deprecated, disable it */
|
||||
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
|
||||
|
||||
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
||||
ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
|
|
|
@ -85,7 +85,7 @@
|
|||
#define DFL_EXCHANGES 1
|
||||
#define DFL_MIN_VERSION SSL_MINOR_VERSION_1
|
||||
#define DFL_MAX_VERSION -1
|
||||
#define DFL_ARC4 SSL_ARC4_DISABLED
|
||||
#define DFL_ARC4 -1
|
||||
#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
|
||||
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
||||
#define DFL_TRUNC_HMAC -1
|
||||
|
@ -249,9 +249,9 @@
|
|||
USAGE_ETM \
|
||||
USAGE_RECSPLIT \
|
||||
"\n" \
|
||||
" arc4=%%d default: (library default)\n" \
|
||||
" min_version=%%s default: \"\" (ssl3)\n" \
|
||||
" max_version=%%s default: \"\" (tls1_2)\n" \
|
||||
" arc4=%%d default: 0 (disabled)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||
"\n" \
|
||||
|
@ -823,6 +823,19 @@ int main( int argc, char *argv[] )
|
|||
opt.min_version < SSL_MINOR_VERSION_2 )
|
||||
opt.min_version = SSL_MINOR_VERSION_2;
|
||||
}
|
||||
|
||||
/* Enable RC4 if needed and not explicitly disabled */
|
||||
if( ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
|
||||
{
|
||||
if( opt.arc4 == SSL_ARC4_DISABLED )
|
||||
{
|
||||
polarssl_printf("forced RC4 ciphersuite with RC4 disabled\n");
|
||||
ret = 2;
|
||||
goto usage;
|
||||
}
|
||||
|
||||
opt.arc4 = SSL_ARC4_ENABLED;
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
|
@ -1130,10 +1143,10 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif
|
||||
|
||||
/* RC4 setting is redundant if we use only one ciphersuite */
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
else
|
||||
|
||||
if( opt.arc4 != DFL_ARC4 )
|
||||
ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
|
||||
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
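Review bot: In the block added at `if( ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )`, the program sets `opt.arc4 = SSL_ARC4_ENABLED` on its own when the forced suite uses RC4 and `arc4=` was not given, and the visible lines print nothing when that happens. The commit title and the removed `SSL_ARC4_DISABLED` calls suggest the library now refuses RC4 by default, so a run that turns it back on should say so in its output. A line such as `polarssl_printf( "RC4 enabled for the forced ciphersuite\n" );` just before the assignment would make the override visible in test logs. The same block is added in the last file section (hunk at 1193) and would take the same line. The enclosing `if` that looks up `ciphersuite_info` starts outside the hunk.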
|
||||
|
|
|
@ -273,8 +273,6 @@ int main( void )
|
|||
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
|
||||
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3,
|
||||
SSL_MINOR_VERSION_1 );
|
||||
/* RC4 is deprecated, disable it */
|
||||
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
|
||||
|
||||
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
||||
ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
|
|
|
@ -610,8 +610,6 @@ int main( int argc, char *argv[] )
|
|||
|
||||
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
|
||||
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
|
||||
/* RC4 is deprecated, disable it */
|
||||
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
|
||||
|
||||
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
||||
ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
|
|
|
@ -176,8 +176,6 @@ static void *handle_ssl_connection( void *data )
|
|||
|
||||
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
|
||||
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
|
||||
/* RC4 is deprecated, disable it */
|
||||
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
|
||||
|
||||
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
||||
ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
|
||||
|
|
|
@ -204,8 +204,6 @@ int main( void )
|
|||
|
||||
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
|
||||
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
|
||||
/* RC4 is deprecated, disable it */
|
||||
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
|
||||
|
||||
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
||||
ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
|
|
|
@ -101,7 +101,7 @@
|
|||
#define DFL_EXCHANGES 1
|
||||
#define DFL_MIN_VERSION SSL_MINOR_VERSION_1
|
||||
#define DFL_MAX_VERSION -1
|
||||
#define DFL_ARC4 SSL_ARC4_DISABLED
|
||||
#define DFL_ARC4 -1
|
||||
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
|
||||
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
||||
#define DFL_TRUNC_HMAC -1
|
||||
|
@ -315,9 +315,9 @@
|
|||
USAGE_EMS \
|
||||
USAGE_ETM \
|
||||
"\n" \
|
||||
" arc4=%%d default: (library default)\n" \
|
||||
" min_version=%%s default: \"ssl3\"\n" \
|
||||
" max_version=%%s default: \"tls1_2\"\n" \
|
||||
" arc4=%%d default: 0 (disabled)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||
"\n" \
|
||||
|
@ -1193,6 +1193,19 @@ int main( int argc, char *argv[] )
|
|||
opt.min_version < SSL_MINOR_VERSION_2 )
|
||||
opt.min_version = SSL_MINOR_VERSION_2;
|
||||
}
|
||||
|
||||
/* Enable RC4 if needed and not explicitly disabled */
|
||||
if( ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
|
||||
{
|
||||
if( opt.arc4 == SSL_ARC4_DISABLED )
|
||||
{
|
||||
polarssl_printf("forced RC4 ciphersuite with RC4 disabled\n");
|
||||
ret = 2;
|
||||
goto usage;
|
||||
}
|
||||
|
||||
opt.arc4 = SSL_ARC4_ENABLED;
|
||||
}
|
||||
}
|
||||
|
||||
if( opt.version_suites != NULL )
|
||||
|
@ -1618,7 +1631,8 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
else
|
||||
|
||||
if( opt.arc4 != DFL_ARC4 )
|
||||
ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
|
||||
if( opt.version_suites != NULL )
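Review bot: The new usage line `arc4=%%d default: (library default)` no longer tells the user what the numeric values mean, whereas the line it replaces at least showed that 0 is disabled. I would keep the value legend in the text, e.g. `" arc4=%%d 0 (disabled), 1 (enabled); default: (library default)\n" \`, aligned with the neighbouring options. This assumes 1 is the enabling value, which the option parsing outside this hunk would confirm. The client's usage string (hunk at 249 in the second file section) has the same wording and would take the same change.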
|
||||
|
|