From: Jamie C. <jca...@we...> - 2006-01-31 22:38:12
Hi Jonathan,
Was the change you made just adding the line :

eval "Net::SSLeay::CTX_set_options( $ctx,&Net::SSLeay::OP_NO_SSLv2 )";

Probably the best way to submit changes like this is via a diff between the
old and new versions .. that way I (and the patch program) can see exactly
what has changed.

 - Jamie

On Wed, 2006-02-01 at 04:29, Jonathan Glass wrote:
> I've made a small change to miniserv.pl to force SSLv3/TLSv1 in the
> HTTPS server. I'm not a developer, so don't know the correct way to
> share this information with you, so I'll just post the code change in
> this email. Hopefully someone from webmin will incorporate this simple
> change to kill off those older ciphers, or at least make it an option
> somewhere.
>
> Original:
> #!/usr/bin/perl
> # A very simple perl web server used by Webmin
>
> # Require basic libraries
> package miniserv;
> use Socket;
> use POSIX;
>
> # Find and read config file
> if (@ARGV != 1) {
>     die "Usage: miniserv.pl <config file>";
> }
> if ($ARGV[0] =~ /^([a-z]:)?\//i) {
>     $config_file = $ARGV[0];
> }
> else {
>     chop($pwd = `pwd`);
>     $config_file = "$pwd/$ARGV[0]";
> }
> %config = &read_config_file($config_file);
>
> # Check is SSL is enabled and available
> if ($config{'ssl'}) {
>     eval "use Net::SSLeay";
>     if (!$@) {
>         $use_ssl = 1;
>         # These functions only exist for SSLeay 1.0
>         eval "Net::SSLeay::SSLeay_add_ssl_algorithms()";
>         eval "Net::SSLeay::load_error_strings()";
>         if (defined(&Net::SSLeay::X509_STORE_CTX_get_current_cert) &&
>             defined(&Net::SSLeay::CTX_load_verify_locations) &&
>             defined(&Net::SSLeay::CTX_set_verify)) {
>             $client_certs = 1;
>         }
>     }
>
>
> CHANGED
> #!/usr/bin/perl
> # A very simple perl web server used by Webmin
>
> # Require basic libraries
> package miniserv;
> use Socket;
> use POSIX;
>
> # Find and read config file
> if (@ARGV != 1) {
>     die "Usage: miniserv.pl <config file>";
> }
> if ($ARGV[0] =~ /^([a-z]:)?\//i) {
>     $config_file = $ARGV[0];
> }
> else {
>     chop($pwd = `pwd`);
>     $config_file = "$pwd/$ARGV[0]";
> }
> %config = &read_config_file($config_file);
>
> # Check is SSL is enabled and available
> if ($config{'ssl'}) {
>     eval "use Net::SSLeay";
>     if (!$@) {
>         $use_ssl = 1;
>         # These functions only exist for SSLeay 1.0
>         eval "Net::SSLeay::SSLeay_add_ssl_algorithms()";
>         eval "Net::SSLeay::load_error_strings()";
>         eval "Net::SSLeay::CTX_set_options( $ctx,&Net::SSLeay::OP_NO_SSLv2 )";
>         if (defined(&Net::SSLeay::X509_STORE_CTX_get_current_cert) &&
>             defined(&Net::SSLeay::CTX_load_verify_locations) &&
>             defined(&Net::SSLeay::CTX_set_verify)) {
>             $client_certs = 1;
>         }
>     }
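
Review bot: the added eval line in the CHANGED listing interpolates $ctx inside a double-quoted string, and none of the visible lines assigns $ctx before that point (the line sits in the startup check that only loads Net::SSLeay). With $ctx empty, the string handed to eval reads "Net::SSLeay::CTX_set_options( ,&Net::SSLeay::OP_NO_SSLv2 )", which does not compile, and because $@ is not checked afterwards the failure is silent, so as posted SSLv2 would remain enabled. Suggest making the call at the place where the SSL context is actually created (not shown in this excerpt) with the real context handle, escaping the variable as \$ctx if the string eval is kept for older Net::SSLeay versions, and logging $@ when the call fails. Also worth a comment that OP_NO_SSLv2 turns off a protocol version rather than individual ciphers, since the message describes the goal as removing older ciphers.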