Browse Source

[TLS] ignore empty "CipherString" in ssl-conf-cmd

e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
master
Glenn Strauss 3 months ago
parent
commit
d865d8c330
5 changed files with 7 additions and 5 deletions
  1. +1
    -1
      src/mod_gnutls.c
  2. +1
    -1
      src/mod_mbedtls.c
  3. +1
    -1
      src/mod_nss.c
  4. +3
    -1
      src/mod_openssl.c
  5. +1
    -1
      src/mod_wolfssl.c

+ 1
- 1
src/mod_gnutls.c View File

@ -3010,7 +3010,7 @@ mod_gnutls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *
*
* XXX: not done: could make a list of ciphers with bitflag of attributes
* to make future combining easier */
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
const buffer *b = cipherstring;
const char *e = b->ptr;


+ 1
- 1
src/mod_mbedtls.c View File

@ -3128,7 +3128,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
*
* XXX: not done: could make a list of ciphers with bitflag of attributes
* to make future combining easier */
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
const buffer *b = cipherstring;
const char *e = b->ptr;


+ 1
- 1
src/mod_nss.c View File

@ -3444,7 +3444,7 @@ mod_nss_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *cip
"Ciphersuite support not implemented for %s",
ciphersuites->ptr);
if (!cipherstring)
if (buffer_string_is_empty(cipherstring))
return 1; /* nothing to do */
/*


+ 3
- 1
src/mod_openssl.c View File

@ -1882,6 +1882,8 @@ network_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
if (NULL != ds) {
buffer *cipher_string =
array_get_buf_ptr(s->ssl_conf_cmd, CONST_STR_LEN("CipherString"));
if (buffer_string_is_empty(cipher_string))
buffer_append_string_len(cipher_string, CONST_STR_LEN("HIGH"));
buffer_append_string_len(cipher_string,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));
}
@ -3660,7 +3662,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
rc = -1;
}
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
/* Disable support for low encryption ciphers */
buffer_append_string_len(cipherstring,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));


+ 1
- 1
src/mod_wolfssl.c View File

@ -3347,7 +3347,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
/* WolfSSL max ver is set at WolfSSL compile-time */
}
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
/* Disable support for low encryption ciphers */
buffer_append_string_len(cipherstring,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));


Loading…
Cancel
Save