Allowing the user to use less secure ssl versions for older servers. (#…
ZedrikCayne authored Nov 14, 2024
1 parent c7fa593 commit 3c80063
Showing 4 changed files with 17 additions and 1 deletion.
9 changes: 8 additions & 1 deletion lib/tf/tf-help
@@ -8462,10 +8462,12 @@ Protocols
/set ssl_continue
/set ssl_depth
/set ssl_verbose
/set ssl_insecure

See: protocols, features, connect, addworld, worlds, fields, listsockets,
special variables, ssl_ca_dir, ssl_ca_file, ssl_continue, ssl_depth,
ssl_verbose
ssl_verbose, ssl_insecure


&firewall
&proxy
@@ -9551,6 +9553,11 @@ Special global variables
ssl_verbose=on
Show cert chain when connecting.

#ssl_insecure
#%ssl_insecure
ssl_insecure=on
Allow older less secure TLSv1 routines.

#start_color
#%start_color
#start_color_*
1 change: 1 addition & 0 deletions src/globals.h
@@ -247,6 +247,7 @@ enum Vars {
#define ssl_continue getintvar(VAR_ssl_continue)
#define ssl_depth getintvar(VAR_ssl_depth)
#define ssl_verbose getintvar(VAR_ssl_verbose)
#define ssl_insecure getintvar(VAR_ssl_insecure)
#define status_attr getattrvar(VAR_stat_attr)
#define status_fields getstdvar(VAR_stat_fields)
#define status_height getintvar(VAR_stat_height)
7 changes: 7 additions & 0 deletions src/socket.c
@@ -677,11 +677,18 @@ static void init_ssl(void)
SSL_load_error_strings();
SSL_library_init();
/* XXX seed PRNG */
if( ssl_insecure ) {
ssl_ctx = SSL_CTX_new(TLSv1_client_method());
} else {
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
}
if (!ssl_ctx) {
ssl_err("SSL_CTX_new");
return;
}
if( ssl_insecure ) {
SSL_CTX_set_security_level(ssl_ctx,0);
}
if (!SSL_CTX_set_cipher_list(ssl_ctx, "ALL")) {
ssl_err("SSL_CTX_set_cipher_list");
return;
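Review bot: `TLSv1_client_method()` in the first added `if( ssl_insecure )` branch pins the context to TLS 1.0 only instead of allowing it as a fallback, so with the flag on every connection is forced onto the weakest version and a server that offers only TLS 1.2 or 1.3 can no longer be reached. Keeping the single `ssl_ctx = SSL_CTX_new(SSLv23_client_method());` and adding `SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);` next to `SSL_CTX_set_security_level(ssl_ctx,0);` would lower the floor while still negotiating the best version the server supports; both calls are OpenSSL 1.1.0+ API, which the security-level call already requires. Security level 0 together with the existing cipher list `"ALL"` also drops OpenSSL's minimum key-size and algorithm checks, so a comment at that branch saying so, and a visible warning when it is taken, would tell users what they have enabled. The flag appears to be read once here and applied to the one shared `ssl_ctx`, which would make it global rather than per-world; init_ssl's body continues outside the hunk, so that part is inferred.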
1 change: 1 addition & 0 deletions src/varlist.h
@@ -154,6 +154,7 @@ varstr (VAR_ssl_ca_file,"ssl_ca_file", NULL, NULL)
varflag(VAR_ssl_continue,"ssl_continue",TRUE, NULL)
varint (VAR_ssl_depth, "ssl_depth", 10, NULL)
varflag(VAR_ssl_verbose,"ssl_verbose", TRUE, NULL)
varflag(VAR_ssl_insecure,"ssl_insecure",TRUE, NULL)
varstr (VAR_stat_attr, "status_attr", NULL, ch_status_attr)
varstr (VAR_stat_fields,"status_fields",NULL, ch_status_fields)
varpos (VAR_stat_height,"status_height",1, ch_status_height)
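Review bot: The new `ssl_insecure` entry is declared with `TRUE`, which, if the third argument is the initial value as the neighbouring `ssl_depth` entry (`10`) suggests, switches the downgrade on for every user who never touched the setting. Combined with the src/socket.c change in this commit, a default install would then build its context with `TLSv1_client_method()` and security level 0. An option that weakens TLS should be opt-in: `varflag(VAR_ssl_insecure,"ssl_insecure",FALSE, NULL)`, with the `ssl_insecure=on` line in lib/tf/tf-help changed to match. The `NULL` last argument looks like "no change hook", so it is worth confirming that setting the variable after the SSL context has been created has any effect.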
