mirror of
https://github.com/servo/servo.git
synced 2025-08-06 14:10:11 +01:00
Move http_loader::Connector to a separate module
This commit is contained in:
parent
0617727f5b
commit
c344461017
5 changed files with 47 additions and 36 deletions
40
components/net/connector.rs
Normal file
40
components/net/connector.rs
Normal file
|
@ -0,0 +1,40 @@
|
|||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
use hyper::client::Pool;
|
||||
use hyper::net::{HttpsConnector, Openssl};
|
||||
use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER, SslContext, SslMethod};
|
||||
use std::sync::Arc;
|
||||
use util::resource_files::resources_dir_path;
|
||||
|
||||
pub type Connector = HttpsConnector<Openssl>;
|
||||
|
||||
// The basic logic here is to prefer ciphers with ECDSA certificates, Forward
|
||||
// Secrecy, AES GCM ciphers, AES ciphers, and finally 3DES ciphers.
|
||||
// A complete discussion of the issues involved in TLS configuration can be found here:
|
||||
// https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||
const DEFAULT_CIPHERS: &'static str = concat!(
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:",
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:",
|
||||
"DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:",
|
||||
"ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:",
|
||||
"ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:",
|
||||
"ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:",
|
||||
"DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:",
|
||||
"ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:",
|
||||
"AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
|
||||
);
|
||||
|
||||
pub fn create_http_connector() -> Arc<Pool<Connector>> {
|
||||
let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
|
||||
context.set_verify(SSL_VERIFY_PEER, None);
|
||||
context.set_CA_file(&resources_dir_path().join("certs")).unwrap();
|
||||
context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
|
||||
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3);
|
||||
let connector = HttpsConnector::new(Openssl {
|
||||
context: Arc::new(context)
|
||||
});
|
||||
|
||||
Arc::new(Pool::with_connector(Default::default(), connector))
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue