Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-03 20:50:07 +01:00
Code Issues Projects Releases Packages Wiki Activity

Always disable SSLv2 and SSLv3.

Browse source 
These protocols have serious known weakness and our turned off in other browsers.
This commit is contained in:
Alex Gaynor 2015-11-21 12:11:48 -05:00
parent ea690a2dff
commit 2d662aa4e7
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
components/net/http_loader.rs
View file

@ -28,7 +28,7 @@ use net_traits::ProgressMsg::{Done, Payload};
use net_traits::hosts::replace_hosts; use net_traits::hosts::replace_hosts;
use net_traits::{CookieSource, IncludeSubdomains, LoadConsumer, LoadData, Metadata}; use net_traits::{CookieSource, IncludeSubdomains, LoadConsumer, LoadData, Metadata};
use openssl::ssl::error::{SslError, OpensslError}; use openssl::ssl::error::{SslError, OpensslError};
use openssl::ssl::{SSL_VERIFY_PEER, SslContext, SslMethod}; use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER, SslContext, SslMethod};
use resource_task::{CancellationListener, send_error, start_sending_sniffed_opt}; use resource_task::{CancellationListener, send_error, start_sending_sniffed_opt};
use std::borrow::ToOwned; use std::borrow::ToOwned;
use std::boxed::FnBox; use std::boxed::FnBox;
@ -65,6 +65,7 @@ pub fn create_http_connector() -> Arc<Pool<Connector>> {
context.set_verify(SSL_VERIFY_PEER, None); context.set_verify(SSL_VERIFY_PEER, None);
context.set_CA_file(&resources_dir_path().join("certs")).unwrap(); context.set_CA_file(&resources_dir_path().join("certs")).unwrap();
context.set_cipher_list(DEFAULT_CIPHERS).unwrap(); context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3);
let connector = HttpsConnector::new(Openssl { let connector = HttpsConnector::new(Openssl {
context: Arc::new(context) context: Arc::new(context)
}); });