update default -rpcsslciphers to include TLSv1.2
- this extends the accepted ciphersuites with TLSv1.2 ones - also removes !AH, as I could not find documentation on it and the change did not result in a changed ciphersuite list (checked via openssl ciphers -v) - closes #3096 (which also contains more details)
This commit is contained in:
parent
a5bba245a3
commit
1728bf0873
2 changed files with 2 additions and 2 deletions
|
@ -809,7 +809,7 @@ void StartRPCThreads()
|
|||
if (filesystem::exists(pathPKFile)) rpc_ssl_context->use_private_key_file(pathPKFile.string(), ssl::context::pem);
|
||||
else LogPrintf("ThreadRPCServer ERROR: missing server private key file %s\n", pathPKFile.string().c_str());
|
||||
|
||||
string strCiphers = GetArg("-rpcsslciphers", "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH");
|
||||
string strCiphers = GetArg("-rpcsslciphers", "TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH");
|
||||
SSL_CTX_set_cipher_list(rpc_ssl_context->impl(), strCiphers.c_str());
|
||||
}
|
||||
|
||||
|
|
|
@ -258,7 +258,7 @@ std::string HelpMessage()
|
|||
strUsage += " -rpcssl " + _("Use OpenSSL (https) for JSON-RPC connections") + "\n";
|
||||
strUsage += " -rpcsslcertificatechainfile=<file.cert> " + _("Server certificate file (default: server.cert)") + "\n";
|
||||
strUsage += " -rpcsslprivatekeyfile=<file.pem> " + _("Server private key (default: server.pem)") + "\n";
|
||||
strUsage += " -rpcsslciphers=<ciphers> " + _("Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)") + "\n";
|
||||
strUsage += " -rpcsslciphers=<ciphers> " + _("Acceptable ciphers (default: TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH)") + "\n";
|
||||
|
||||
return strUsage;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue