mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-28 17:09:34 -05:00
fixed cipher list for openssl, since ECDHE is not configured, it cannot be used
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6974 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
3b381b9d22
commit
146465a53f
@ -335,10 +335,9 @@ static int initLib = 0;
|
||||
// the connection will be refused. So we happend the HIGH cipher suite just after. In oder to force
|
||||
// PFS, at the risk of not always connecting, one should use:
|
||||
//
|
||||
// std::string cipherString = "kEDH:!ECDHE:!DSS:!aNULL:!3DES";
|
||||
// std::string cipherString = "kEDH:HIGH:!DSS:!aNULL:!3DES";
|
||||
//
|
||||
// ECDHE has been removed from the list because of suspicions about the level of security in the
|
||||
// generation of the elliptic curves parameters. The following safe primes are 2048/4096 bits long. Should be enough.
|
||||
// The following safe primes are 2048/4096 bits long. Should be enough.
|
||||
//
|
||||
// std::string dh_prime_2048_dec = "30651576830996935311378276950670996791883170963804289256203421500259588715033040934547350194073369837229137842804826417332761673984632102152477971341551955103053338169949165519208562998954887445690136488713010579430413255432398961330773637820158790237012997356731669148258317860643591694814197514454546928317578771868379525705082166818553884557266645700906836702542808787791878865135741211056957383668479369231868698451684633965462539374994559481908068730787128654626819903401038534403722014687647173327537458614224702967073490136394698912372792187651228785689025073104374674728645661275001416541267543884923191810923";
|
||||
//
|
||||
@ -346,7 +345,7 @@ static int initLib = 0;
|
||||
|
||||
std::string dh_prime_4096_hex = "A6F5777292D9E6BB95559C9124B9119E6771F11F2048C8FE74F4E8140494520972A087EF1D60B73894F1C5D509DD15D96CF379E9DDD46CE51B748085BACB440D915565782C73AF3A9580CE788441D1DA4D114E3D302CAB45A061ABCFC1F7E9200AE019CB923B77E096FA9377454A16FFE91D86535FF23E075B3E714F785CD7606E9CBD9D06F01CAFA2271883D649F13ABE170D714F6B6EC064C5BF35C4F4BDA5EF5ED5E70D5DC78F1AC1CDC04EEDAE8ADD65C4A9E27368E0B2C8595DD7626D763BFFB15364B3CCA9FCE814B9226B35FE652F4B041F0FF6694D6A482B0EF48CA41163D083AD2DE7B7A068BB05C0453E9D008551C7F67993A3EF2C4874F0244F78C4E0997BD31AB3BD88446916B499B2513DD5BA002063BD38D2CE55D29D071399D5CEE99458AF6FDC104A61CA3FACDAC803CBDE62B4C0EAC946D0E12F05CE9E94497110D64E611D957423B8AA412D84EC83E6E70E0977A31D6EE056D0527D4667D7242A77C9B679D191562E4026DA9C35FF85666296D872ED548E0FFE1A677FCC373C1F490CAB4F53DFD8735C0F1DF02FEAD824A217FDF4E3404D38A5BBC719C6622630FCD34F6F1968AF1B66A4AB1A9FCF653DA96EB3A42AF6FCFEA0547B8F314A527C519949007D7FA1726FF3D33EC46393B0207AA029E5EA574BDAC94D78894B22A2E3303E65A3F820DF57DB44951DE4E973C016C57F7A242D0BC53BC563AF" ;
|
||||
|
||||
std::string cipherString = "kEDH:HIGH:!ECDHE:!DSS:!aNULL:!3DES";
|
||||
std::string cipherString = "kEDH:HIGH:!DSS:!aNULL:!3DES";
|
||||
|
||||
SSL_CTX_set_cipher_list(sslctx, cipherString.c_str());
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user