add option for RSA only cipher suites; use openssl 0.7.14 (registry+h…

…ttps://github.com/rust-lang/crates.io-index) crate fro cipher suite override

Cargo.toml

@@ -14,4 +14,4 @@ hyper = "0.9.1"
 cookie = "0.2.4"
 xdg = "2.0.0"
 config = "0.1.3"
-
+openssl = "0.7.14"

src/http.rs

@@ -1,12 +1,14 @@
 use std::io;
 use std::io::Write;
 use std::process::exit;
+use std::sync::Arc;
 
 use cookie::Cookie as CookiePair;
 
 use hyper::Client;
 use hyper::Url;
 use hyper::net::{HttpsConnector, Openssl};
+use openssl::ssl::{SslMethod, SslContext};
 use hyper::header::{Headers, SetCookie, Cookie};
 use hyper::status::StatusCode;
 use hyper::client::RedirectPolicy;
@@ -37,7 +39,23 @@ pub fn fetch_session_cookie(options: &Options) -> Option<Cookie> {
     if url.scheme() == "https" {
         log!(3, "Scheme is https");
 
-        let https_connector = HttpsConnector::new(Openssl::default());
+        let https_connector;
+        if !options.cipher_list.is_empty() || options.rsa_only {
+            let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+            if !options.cipher_list.is_empty() {
+                log!(2, "Using ssl cipher_list {}", options.cipher_list);
+                ctx.set_cipher_list(&options.cipher_list).unwrap();
+            }
+            else if options.rsa_only {
+                log!(2, "Using RSA only cipher suites for ssl key exchange");
+                ctx.set_cipher_list("AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA").unwrap();
+            }
+            let ssl = Openssl{ context: Arc::new(ctx) };
+            https_connector = HttpsConnector::new(ssl);
+        }
+        else {
+            https_connector = HttpsConnector::new(Openssl::default());
+        }
         log!(3, "Created https_connector: {:?}", https_connector);
 
         client = Client::with_connector(https_connector);

src/main.rs

@@ -24,6 +24,7 @@ extern crate hyper;
 extern crate cookie;
 extern crate config;
 extern crate xdg;
+extern crate openssl;
 
 // Needs to be imported first because of log! macro
 #[macro_use]
@@ -121,6 +122,15 @@ fn main() {
             .add_option(&["-e", "--echo"], StoreTrue,
                         "echo outgoing frames");
 
+        ap.refer(&mut options.cipher_list)
+            .metavar("CIPHERS")
+            .add_option(&["--cipher_list"], Store,
+                        "openssl cipher suites to use for connection");
+
+        ap.refer(&mut options.rsa_only)
+            .add_option(&["--rsaonly"], StoreTrue,
+                        "usa RSA only cipher suites for ssl key exchange");
+
         // This is a dummy entry used in --help - the actual profile is read
         // before ArgumentParser is invoked
         ap.refer(&mut dummy)

src/options.rs

@@ -53,7 +53,13 @@ pub struct Options {
 
     /// Specifies the amount of bytes per frame to send when
     /// sending binary data.
-    pub binary_frame_size: String
+    pub binary_frame_size: String,
+
+    /// List of OpenSSL cipher suites to be used for ssl connections
+    pub cipher_list: String,
+
+    /// Use RSA only cipher suites for ssl key exchange
+    pub rsa_only: bool
 }
 
 impl Options {
@@ -71,7 +77,9 @@ impl Options {
             ping_interval: None,
             ping_msg: String::from("ping"),
             binary_mode: false,
-            binary_frame_size: String::from("256")
+            binary_frame_size: String::from("256"),
+            cipher_list: String::new(),
+            rsa_only: false
         }
     }
 
@@ -92,6 +100,8 @@ impl Options {
             binary_mode: get_bool(config, "binary_mode"),
             // TODO Make int
             binary_frame_size: get_str_or(config, "binary_frame_size", "256"),
+            cipher_list: get_str(config, "cipher_list"),
+            rsa_only: get_bool(config, "rsa_only"),
         }
     }
 }

src/program.rs

@@ -10,6 +10,7 @@ use websocket::client::Sender as SenderObj;
 use websocket::client::Receiver as ReceiverObj;
 use websocket::client::request::{Request, Url};
 use websocket::stream::WebSocketStream;
+use openssl::ssl::{SslMethod, SslContext};
 
 use ws;
 use options::Options;
@@ -36,15 +37,38 @@ pub fn run_wsta(options: &mut Options) {
 
     // Connect to the server
     log!(2, "About to connect to {}", url);
-    let mut request = match Client::connect(url) {
-        Ok(res) => res,
-        Err(err) => {
-            log!(1, "Error: {:?}", err);
-            stderr!("An error occured while connecting to '{}': {}",
-                           options.url, err);
-            exit(1);
+    let mut request;
+    if !options.cipher_list.is_empty() || options.rsa_only {
+        let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+        if !options.cipher_list.is_empty() {
+            log!(2, "Using ssl cipher_list {}", options.cipher_list);
+            ctx.set_cipher_list(&options.cipher_list).unwrap();
         }
-    };
+        else if options.rsa_only {
+            log!(2, "Using RSA only cipher suites for ssl key exchange");
+            ctx.set_cipher_list("AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA").unwrap();
+        }
+        request = match Client::connect_ssl_context(url, &ctx) {
+            Ok(res) => res,
+            Err(err) => {
+                log!(1, "Error: {:?}", err);
+                stderr!("An error occured while connecting to '{}': {}",
+                               options.url, err);
+                exit(1);
+            }
+        };
+    }
+    else {
+        request = match Client::connect(url) {
+            Ok(res) => res,
+            Err(err) => {
+                log!(1, "Error: {:?}", err);
+                stderr!("An error occured while connecting to '{}': {}",
+                               options.url, err);
+                exit(1);
+            }
+        };
+    }
 
     // Set Origin header to be equal to the websocket url
     request.headers.set_raw("Origin", vec![origin.into_bytes()]);