From: Jonathan G. <jon...@oi...> - 2006-01-31 17:30:44
I've made a small change to miniserv.pl to force SSLv3/TLSv1 in the
HTTPS server. I'm not a developer, so I don't know the correct way to
share this information with you; I'll just post the code change in
this email. The only difference between the two listings below is the
added Net::SSLeay::CTX_set_options line. Hopefully someone from Webmin
will incorporate this simple change to kill off those older ciphers, or
at least make it an option somewhere.
Original:
#!/usr/bin/perl
# A very simple perl web server used by Webmin
# Require basic libraries
package miniserv;
use Socket;
use POSIX;
# Find and read config file.
# Exactly one command-line argument is required: the path of the config file.
if (@ARGV != 1) {
die "Usage: miniserv.pl <config file>";
}
# A path that starts with "/" (optionally preceded by a drive letter such as
# "c:") is treated as absolute and used as given.
if ($ARGV[0] =~ /^([a-z]:)?\//i) {
$config_file = $ARGV[0];
}
else {
# Relative path: prefix it with the output of the external `pwd` command.
# chop() removes the last character of that output (normally the newline).
# NOTE(review): `pwd` is resolved through the PATH of whoever starts the
# server; POSIX is already loaded above and exports getcwd(), which gives the
# same directory without running a command.
chop($pwd = `pwd`);
$config_file = "$pwd/$ARGV[0]";
}
# read_config_file is not defined in this excerpt; its result is stored in the
# %config hash that the SSL check below reads.
%config = &read_config_file($config_file);
# Check if SSL is enabled and available
if ($config{'ssl'}) {
# Load Net::SSLeay at run time. With a string eval, a missing module leaves
# its error in $@ instead of aborting the script.
eval "use Net::SSLeay";
if (!$@) {
$use_ssl = 1;
# These functions only exist for SSLeay 1.0
# Each call runs inside a string eval and $@ is not checked afterwards, so a
# failure here is discarded silently.
eval "Net::SSLeay::SSLeay_add_ssl_algorithms()";
eval "Net::SSLeay::load_error_strings()";
# NOTE(review): nothing in this excerpt restricts SSL/TLS protocol versions.
# $client_certs is set only when all three certificate-verification functions
# are defined in the loaded Net::SSLeay.
if (defined(&Net::SSLeay::X509_STORE_CTX_get_current_cert) &&
defined(&Net::SSLeay::CTX_load_verify_locations) &&
defined(&Net::SSLeay::CTX_set_verify)) {
$client_certs = 1;
}
}
# The excerpt stops here; the closing brace of if ($config{'ssl'}) is not shown.
CHANGED
#!/usr/bin/perl
# A very simple perl web server used by Webmin
# Require basic libraries
package miniserv;
use Socket;
use POSIX;
# Find and read config file.
# Exactly one command-line argument is required: the path of the config file.
if (@ARGV != 1) {
die "Usage: miniserv.pl <config file>";
}
# A path that starts with "/" (optionally preceded by a drive letter such as
# "c:") is treated as absolute and used as given.
if ($ARGV[0] =~ /^([a-z]:)?\//i) {
$config_file = $ARGV[0];
}
else {
# Relative path: prefix it with the output of the external `pwd` command.
# chop() removes the last character of that output (normally the newline).
# NOTE(review): `pwd` is resolved through the PATH of whoever starts the
# server; POSIX is already loaded above and exports getcwd(), which gives the
# same directory without running a command.
chop($pwd = `pwd`);
$config_file = "$pwd/$ARGV[0]";
}
# read_config_file is not defined in this excerpt; its result is stored in the
# %config hash that the SSL check below reads.
%config = &read_config_file($config_file);
# Check if SSL is enabled and available
if ($config{'ssl'}) {
# Load Net::SSLeay at run time. With a string eval, a missing module leaves
# its error in $@ instead of aborting the script.
eval "use Net::SSLeay";
if (!$@) {
$use_ssl = 1;
# These functions only exist for SSLeay 1.0
# Each call runs inside a string eval and $@ is not checked afterwards, so a
# failure here is discarded silently.
eval "Net::SSLeay::SSLeay_add_ssl_algorithms()";
eval "Net::SSLeay::load_error_strings()";
# Added line: intended to turn off SSLv2 by setting OP_NO_SSLv2.
# NOTE(review): as written, this line most likely has no effect.
#  - The string is double-quoted, so $ctx is interpolated when the string is
#    built. $ctx is not assigned anywhere in this excerpt; if it is empty at
#    this point, the evaluated text is "CTX_set_options( ,...)", which should
#    fail to compile, and the error stays in $@ unchecked.
#  - CTX_set_options acts on an existing SSL context, so the call belongs
#    where the server creates its context (not shown in this excerpt), with
#    the context handle passed directly instead of through a string eval, and
#    with the result checked.
#  - OP_NO_SSLv2 switches off the SSLv2 protocol only; it does not change the
#    cipher list. SSLv3 stays enabled, and it has since been deprecated too
#    (RFC 7568), so current deployments also set OP_NO_SSLv3.
#  - After moving the call, confirm that an SSLv2-only handshake against the
#    server is refused.
eval "Net::SSLeay::CTX_set_options( $ctx,&Net::SSLeay::OP_NO_SSLv2 )";
# $client_certs is set only when all three certificate-verification functions
# are defined in the loaded Net::SSLeay.
if (defined(&Net::SSLeay::X509_STORE_CTX_get_current_cert) &&
defined(&Net::SSLeay::CTX_load_verify_locations) &&
defined(&Net::SSLeay::CTX_set_verify)) {
$client_certs = 1;
}
}
# The excerpt stops here; the closing brace of if ($config{'ssl'}) is not shown.
--
Jonathan Glass, RHCE, Security+, Linux+, Network+
Information Security Engineer III
Office of Information Technology - Information Security
Georgia Institute of Technology
258 4th St NW, Atlanta, Georgia 30332-0700
Office: 404-385-6900 Fax: 404-385-2331
PGP Key ID: 0xAB50FF20
Fingerprint: 3CD2 1BC6 4485 720B AB45 FF3E 8B3B D6F5 AB50 FF20