Merge pull request #5434

laanwj · laanwj · commit 4b5b263ac0ee · 2014-12-08T13:31:13.000+01:00
683dc40 Disable SSLv3 (in favor of TLS) for the RPC client and server. (Gregory Maxwell)
diff --git a/src/bitcoin-cli.cpp b/src/bitcoin-cli.cpp
@@ -110,7 +110,7 @@ Object CallRPC(const string& strMethod, const Array& params)
     bool fUseSSL = GetBoolArg("-rpcssl", false);
     asio::io_service io_service;
     ssl::context context(io_service, ssl::context::sslv23);
-    context.set_options(ssl::context::no_sslv2);
+    context.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
     asio::ssl::stream<asio::ip::tcp::socket> sslStream(io_service, context);
     SSLIOStreamDevice<asio::ip::tcp> d(sslStream, fUseSSL);
     iostreams::stream< SSLIOStreamDevice<asio::ip::tcp> > stream(d);
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
@@ -597,7 +597,7 @@ void StartRPCThreads()
 
     if (fUseSSL)
     {
-        rpc_ssl_context->set_options(ssl::context::no_sslv2);
+        rpc_ssl_context->set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3);
 
         filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));
         if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;

Original file line number	Diff line number	Diff line change
`@@ -597,7 +597,7 @@ void StartRPCThreads()`
`597`	`597`
`598`	`598`	`if (fUseSSL)`
`599`	`599`	`{`
`600`		`- rpc_ssl_context->set_options(ssl::context::no_sslv2);`
	`600`	`+ rpc_ssl_context->set_options(ssl::context::no_sslv2 \| ssl::context::no_sslv3);`
`601`	`601`
`602`	`602`	`filesystem::path pathCertFile(GetArg("-rpcsslcertificatechainfile", "server.cert"));`
`603`	`603`	`if (!pathCertFile.is_complete()) pathCertFile = filesystem::path(GetDataDir()) / pathCertFile;`