Browse Source

[TLS] ignore empty "CipherString" in ssl-conf-cmd

e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
master
Glenn Strauss 11 months ago
parent
commit
d865d8c330
  1. 2
      src/mod_gnutls.c
  2. 2
      src/mod_mbedtls.c
  3. 2
      src/mod_nss.c
  4. 4
      src/mod_openssl.c
  5. 2
      src/mod_wolfssl.c

2
src/mod_gnutls.c

@ -3010,7 +3010,7 @@ mod_gnutls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *
*
* XXX: not done: could make a list of ciphers with bitflag of attributes
* to make future combining easier */
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
const buffer *b = cipherstring;
const char *e = b->ptr;

2
src/mod_mbedtls.c

@ -3128,7 +3128,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
*
* XXX: not done: could make a list of ciphers with bitflag of attributes
* to make future combining easier */
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
const buffer *b = cipherstring;
const char *e = b->ptr;

2
src/mod_nss.c

@ -3444,7 +3444,7 @@ mod_nss_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *cip
"Ciphersuite support not implemented for %s",
ciphersuites->ptr);
if (!cipherstring)
if (buffer_string_is_empty(cipherstring))
return 1; /* nothing to do */
/*

4
src/mod_openssl.c

@ -1882,6 +1882,8 @@ network_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
if (NULL != ds) {
buffer *cipher_string =
array_get_buf_ptr(s->ssl_conf_cmd, CONST_STR_LEN("CipherString"));
if (buffer_string_is_empty(cipher_string))
buffer_append_string_len(cipher_string, CONST_STR_LEN("HIGH"));
buffer_append_string_len(cipher_string,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));
}
@ -3660,7 +3662,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
rc = -1;
}
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
/* Disable support for low encryption ciphers */
buffer_append_string_len(cipherstring,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));

2
src/mod_wolfssl.c

@ -3347,7 +3347,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
/* WolfSSL max ver is set at WolfSSL compile-time */
}
if (cipherstring) {
if (!buffer_string_is_empty(cipherstring)) {
/* Disable support for low encryption ciphers */
buffer_append_string_len(cipherstring,
CONST_STR_LEN(":!aNULL:!eNULL:!EXP"));

Loading…
Cancel
Save