From fa06581c73f560df57738d6ea72452cdbbb451f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 12 Jan 2015 14:05:33 +0100
Subject: [PATCH] Disable RC4 by default in example programs.
---
 ChangeLog | 1 +
 programs/ssl/ssl_client1.c | 2 ++
 programs/ssl/ssl_fork_server.c | 2 ++
 programs/ssl/ssl_mail_client.c | 2 ++
 programs/ssl/ssl_pthread_server.c | 2 ++
 programs/ssl/ssl_server.c | 2 ++
 6 files changed, 11 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index a965f8d4c..6c7a44606 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ PolarSSL ChangeLog (Sorted per branch, date)
 = PolarSSL 1.3.10 released ???
 Changes
 * Example programs for SSL client and server now disable SSLv3 by default.
+ * Example programs for SSL client and server now disable RC4 by default.
 Features
 * Add ssl_set_arc4_support() to make it easier to diable RC4 at runtime
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 8f85b1016..5a0571c63 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -170,6 +170,8 @@ int main( int argc, char *argv[] )
 /* SSLv3 is deprecated, set minimum to TLS 1.0 */
 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
 ssl_set_dbg( &ssl, my_debug, stdout );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index ae1e155b9..07c1cd67a 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -267,6 +267,8 @@ int main( int argc, char *argv[] )
 /* SSLv3 is deprecated, set minimum to TLS 1.0 */
 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
 ssl_set_dbg( &ssl, my_debug, stdout );
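Review bot: The added comment `/* RC4 is deprecated, disable it */` in the ssl_client1.c hunk names the action but not its consequence: with `SSL_ARC4_DISABLED` set, a peer that offers only RC4 suites will presumably fail the handshake instead of connecting. Example programs tend to be copied into applications, so I would state that in the comment, for instance `/* RC4 is deprecated: refuse RC4 ciphersuites (an RC4-only peer will fail the handshake) */`. The same two lines are added in ssl_fork_server.c, ssl_mail_client.c, ssl_pthread_server.c and ssl_server.c, and the wording should change there as well. main() starts and ends outside the hunk, so whether a later call changes this setting again is not visible here.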
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 74f9d7bd2..8d6441deb 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -603,6 +603,8 @@ int main( int argc, char *argv[] )
 /* SSLv3 is deprecated, set minimum to TLS 1.0 */
 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
 ssl_set_dbg( &ssl, my_debug, stdout );
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index aed2513b6..191292984 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -167,6 +167,8 @@ static void *handle_ssl_connection( void *data )
 /* SSLv3 is deprecated, set minimum to TLS 1.0 */
 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
 ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index eb44e07df..a8411591f 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -200,6 +200,8 @@ int main( int argc, char *argv[] )
 /* SSLv3 is deprecated, set minimum to TLS 1.0 */
 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+ /* RC4 is deprecated, disable it */
+ ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
 ssl_set_dbg( &ssl, my_debug, stdout );
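Review bot: With RC4 refused while the floor stays at TLS 1.0 (the context comment directly above the added lines in ssl_mail_client.c, ssl_pthread_server.c and ssl_server.c), a peer that negotiates TLS 1.0 or 1.1 is in practice left with CBC-mode suites only, and the examples do not say so. This is a documentation suggestion, not a request to raise the minimum version in this commit: a second comment line such as `/* Without RC4, TLS 1.0/1.1 peers get CBC suites only; prefer TLS 1.2 where the peer supports it */` would tell readers what remains after the change. The enclosing functions start and end outside these hunks, so any later ciphersuite restriction they apply is not visible here.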