c++ - how to change the method of boost::asio::ssl::context -


i'm writing https server third part client application. i'm using pion c++ network library implement server,

the tricky thing that: client uses sslv2 pion uses sslv23 context method. constructor:

server::server(...)     : .....     m_ssl_context(m_active_scheduler.get_io_service(),                         boost::asio::ssl::context::sslv23), // <--- not configurable     .... {}

i understand there security issue sslv2 pion uses sslv23 default, client uses sslv2 only. sslv23, server complains "unknown protocol" during handshake.

i don't want modify pion source make support sslv2. can underlying ssl::context object, how can modify support sslv2?

i looked boost/asio/ssl/impl/context.ipp, ssl::context noncopyable, , no helper function can used that.

any idea?

thanks.

update_1:

here's test

test 1:

i modified pion source , recompiled it, comment out no_sslv2 line

    m_ssl_context.set_options(         boost::asio::ssl::context::default_workarounds         //| boost::asio::ssl::context::no_sslv2 <------ remove         | boost::asio::ssl::context::single_dh_use);

and leave use sslv23 (there're 4 sslv23 in constructors)

server::server(...)     : .....     m_ssl_context(m_active_scheduler.get_io_service(),                         boost::asio::ssl::context::sslv23), // left sslv23     .... {}

it doesn't work, boost error_code.message() :

peer error no cipher

test 2:

if don't touch no_sslv2

    m_ssl_context.set_options(         boost::asio::ssl::context::default_workarounds         | boost::asio::ssl::context::no_sslv2 <------         | boost::asio::ssl::context::single_dh_use);

and change 4 sslv23 sslv2

server::server(...)     : .....     m_ssl_context(m_active_scheduler.get_io_service(),                         boost::asio::ssl::context::sslv2), // change sslv23 sslv2     .... {}

then works fine. guess it's sslv23 method in constructor matters. in context's constructor:

context::context(context::method m)   : handle_(0) {   switch (m)   {   ...   case context::sslv2:     handle_ = ::ssl_ctx_new(::sslv2_method());     break;   ...   case context::sslv23:     handle_ = ::ssl_ctx_new(::sslv23_method());     break;   }   .... }

sslv23_method not compatible sslv2_method?

and think client use sslv2 because tested openssl:

test 3:

openssl s_server -accept 443 -key server.pem -cert server.pem -ssl2

this makes openssl act server, connect client it, works fine. according openssl's doc, trailing -ssl2 force use sslv2. , neither -ssl3 nor -tls1 works, openssl says: "wrong version number"

update_2

i tried this, seems works, don't know if cause memory leak.

    ssl_ctx_set_ssl_version( // use native handle         m_server_443->get_ssl_context_type().native_handle(), ::sslv2_method()     );

your problem not in construction of m_ssl_context show. specification of ssl::context::sslv23 means server accepts sslv2 or higher begin negotiating secure connection. restriction disallows sslv2 in same file after that:

m_ssl_context.set_options(boost::asio::ssl::context::default_workarounds                           | boost::asio::ssl::context::no_sslv2                           | boost::asio::ssl::context::single_dh_use);

it's ssl::context::no_sslv2 option rejecting sslv2 connections.

you may able reset options this:

ssl_ctx_clear_options(m_server->get_ssl_context_type().native_handle(), ssl_op_no_sslv2) ssl_ctx_set_cipher_list(m_server->get_ssl_context_type().native_handle(), "tlsv1:sslv3:sslv2");

these 2 lines use underlying openssl api (1) clear no_sslv2 option set in set_ssl_key_file() member function, , (2) ensure sslv2 ciphers enabled. using set_options() member function not work because cannot clear set option openssl api function ssl_ctx_clear_options() must used.

it's odd have client uses sslv2 protocol has been deprecated insecure long time (nearly 20 years!).


Comments

Post a Comment

Popular posts from this blog

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

i have button on website when clicked, reveals map. button can seen when page first loads up, when clicked, section holding map slides open , goes out of screen since page loads @ top (normal). want page scroll down bottom of div select when button pushed, if map out of screen. if page scrolled down, , clicks show map button, don't want page jump bottom of map. i tried figure out myself, no luck. seasoned jquery coders able give me guidance? many thanks! map = mapdiv.gmap3("get"); infobox = new infobox({ pixeloffset: new google.maps.size(-220, -310), closeboxurl: '', enableeventpropagation: true }); mapdiv.delegate('.infobox .close','click',function () { infobox.close(); }); jquery(".slidingdiv").hide(); jquery(".show_hide").show(); jquery('.show_hide').click(function(){ lastcenter=map.getcenter(); jquery(".slidingdiv...
Read more

python - Django-cities exits with "killed" -

i trying install django-cities on server 500mb ram. whenever run: manage.py cities the system exits saying killed. trying run: manage.py cities --import=country --force worked, guessing matter of running out of memory. to bypass, tried refer package local copy of cities' data file. still didn't work. any ideas on how can migrate data without having increase memory on server? based on suggestion comments, solved setting temporary swap file. if unfamiliar it, can follow these steps: set swap file touch /var/swap.img chmod 600 /var/swap.img set swap file size cd /var dd if=/dev/zero of=/var/swap.img bs=1024k count=1000 this create 1gb swap file. prepare disk image mkswap /var/swap.img activate swap memory swapon /var/swap.img once done, can turn off swap image: swapoff /var/swap.img more information on virtual memory , swap files can found here: https://www.digitalocean.com/community/tutorials/how-to-configure-virtual-me...
Read more

python - How to get a widget position inside it's layout in Kivy? -

i have gridlayout , added image widgets on after adding of images want draw rectangle in each image using canvas couldn't because don't know exact image widgets positions on gridlayout. code: http://paste.ofcode.org/3bdp9yhjrcrzmsztbu9hqp4 http://paste.ofcode.org/3az3gx4fxzr9dlhe2ami97c in last line of python code : rectangle(pos = (child.x - 2.4, child.y + 467), size = (70, 70)) how draw rectangle in child(my method not good^), also why gridlayout not coming in center after setting it's pos_hint = {"center_x" : .5}? if understand question right, try use such methods to_local() , to_parent() , to_widget() , to_window() . try substract position of gridlayout widgets' positions.
Read more