Diffstat (limited to 'qpid/cpp/src')
| -rw-r--r-- | qpid/cpp/src/qpid/sys/ssl/util.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/qpid/cpp/src/qpid/sys/ssl/util.cpp b/qpid/cpp/src/qpid/sys/ssl/util.cpp
index de5d638b09..e19f35f3c7 100644
--- a/qpid/cpp/src/qpid/sys/ssl/util.cpp
+++ b/qpid/cpp/src/qpid/sys/ssl/util.cpp
@@ -107,6 +107,16 @@ void initNSS(const SslOptions& options, bool server)
 //use defaults for all args, TODO: may want to make this configurable
 SSL_ConfigServerSessionIDCache(0, 0, 0, 0);
 }
+
+ // disable SSLv2 and SSLv3 versions of the protocol - they are
+ // no longer considered secure
+ SSLVersionRange vrange;
+ const uint16_t tlsv1 = 0x0301; // Protocol version for TLSv1.0
+ NSS_CHECK(SSL_VersionRangeGetDefault(ssl_variant_stream, &vrange));
+ if (vrange.min < tlsv1) {
+ vrange.min = tlsv1;
+ NSS_CHECK(SSL_VersionRangeSetDefault(ssl_variant_stream, &vrange));
+ }
 }
 void shutdownNSS() |
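Review bot: The added comment says SSLv2 is disabled, but the code under it only raises `vrange.min` through the version-range API, which as far as I know covers SSL 3.0 and the TLS versions only; SSLv2 in NSS is switched by the separate `SSL_ENABLE_SSL2` option. Whether SSLv2 is really off therefore depends on the default of the NSS build in use, and adding `NSS_CHECK(SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE));` beside the range call would make it explicit and match the comment. The literal `0x0301` could be the named constant `SSL_LIBRARY_VERSION_TLS_1_0` from sslproto.h, which removes the need for the trailing comment. The floor is also fixed at TLS 1.0 in code, so raising it later means another patch unless the minimum is read from `SslOptions`. initNSS begins above the hunk, so the placement of these lines after the `server` branch is inferred from the context lines only.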
