This repository has been archived by the owner on Jan 15, 2021. It is now read-only.

node_crypto: SecureContext::Init option check bug #72

Open
enricogior opened this issue Oct 31, 2016 · 0 comments

enricogior commented Oct 31, 2016

In node_crypto.cc, we check that SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 and SSL_OP_NO_TLSv1 are set. The check is incorrect; it should be changed from:
https://github.com/thaliproject/jxcore/blob/master/src/wrappers/node_crypto.cc#L243-L249

  long options = SSL_CTX_get_options(sc->ctx_);
  if (options & SSL_OP_NO_SSLv2)
    options |= SSL_OP_NO_SSLv2;
  if (options & SSL_OP_NO_SSLv3)
    options |= SSL_OP_NO_SSLv3;
  if (options & SSL_OP_NO_TLSv1)
    options |= SSL_OP_NO_TLSv1;

to:

  long options = SSL_CTX_get_options(sc->ctx_);
  if (!(options & SSL_OP_NO_SSLv2))
    options |= SSL_OP_NO_SSLv2;
  if (!(options & SSL_OP_NO_SSLv3))
    options |= SSL_OP_NO_SSLv3;
  if (!(options & SSL_OP_NO_TLSv1))
    options |= SSL_OP_NO_TLSv1;

Given the check is there only for validation, it's not a high priority issue.
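
An added example (not code from this issue or from jxcore) that runs both forms of the check over every combination of the three flags and reports which required flags are still missing afterwards. The constants are constructed stand-ins for the OpenSSL option values, and the function names are hypothetical.

```c
#include <stdio.h>

/* Constructed stand-ins for SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 and
   SSL_OP_NO_TLSv1; the real values come from the OpenSSL headers. */
#define OP_NO_SSLV2  0x1L
#define OP_NO_SSLV3  0x2L
#define OP_NO_TLSV1  0x4L
#define OP_REQUIRED  (OP_NO_SSLV2 | OP_NO_SSLV3 | OP_NO_TLSV1)
#define OP_UNRELATED 0x100L /* hypothetical unrelated option bit */

/* Form currently in the file: each flag is set only when it is already
   set, so the mask is never changed. */
static long apply_original(long options) {
  if (options & OP_NO_SSLV2) options |= OP_NO_SSLV2;
  if (options & OP_NO_SSLV3) options |= OP_NO_SSLV3;
  if (options & OP_NO_TLSV1) options |= OP_NO_TLSV1;
  return options;
}

/* Form proposed in the issue: each flag is set when it is missing. */
static long apply_corrected(long options) {
  if (!(options & OP_NO_SSLV2)) options |= OP_NO_SSLV2;
  if (!(options & OP_NO_SSLV3)) options |= OP_NO_SSLV3;
  if (!(options & OP_NO_TLSV1)) options |= OP_NO_TLSV1;
  return options;
}

/* Validation view: the required flags absent from a mask (0 = none). */
static long missing_flags(long options) {
  return OP_REQUIRED & ~options;
}

/* Try all 8 combinations of the three flags (plus one unrelated bit) and
   count the starting masks that still lack a required flag afterwards. */
static int count_unprotected(long (*apply)(long)) {
  int bad = 0;
  for (long start = 0; start <= OP_REQUIRED; start++) {
    if (missing_flags(apply(start | OP_UNRELATED)) != 0) bad++;
  }
  return bad;
}

int main(void) {
  printf("original : %d of 8 masks still miss a flag\n",
         count_unprotected(apply_original));
  printf("corrected: %d of 8 masks still miss a flag\n",
         count_unprotected(apply_corrected));
  return 0;
}
```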
