Use SSLv23 for ifmap clients. SSLv3 is no longer supported.

Change-Id: Ieea5b157ce16b1526cd38e897da91af652add612 Closes-Bug: 1414790 (cherry picked from commit a968fe4)
Juniper · Feb 6, 2015 · 2fbc58b · 2fbc58b
1 parent 16dfb52
commit 2fbc58b
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/ifmap/client/ifmap_channel.cc b/src/ifmap/client/ifmap_channel.cc
@@ -121,7 +121,7 @@ void IFMapChannel::ChannelUseCertAuth(const std::string& certstore)
 IFMapChannel::IFMapChannel(IFMapManager *manager, const std::string& user,
                 const std::string& passwd, const std::string& certstore)
     : manager_(manager), resolver_(*(manager->io_service())),
-      ctx_(*(manager->io_service()), boost::asio::ssl::context::sslv3_client),
+      ctx_(*(manager->io_service()), boost::asio::ssl::context::sslv23_client),
       io_strand_(*(manager->io_service())),
       ssrc_socket_(new SslStream((*manager->io_service()), ctx_)),
       arc_socket_(new SslStream((*manager->io_service()), ctx_)),
@@ -300,6 +300,10 @@ void IFMapChannel::DoSslHandshakeInMainThr(bool is_ssrc) {
     SslStream *socket =
         ((is_ssrc == true) ? ssrc_socket_.get() : arc_socket_.get());
 
+    // Calling openssl api directly because boost doesn't provide a way to set
+    // the cipher
+    SSL_set_cipher_list(socket->native_handle(), "RC4-SHA");
+
     // handshake as 'client'
     socket->async_handshake(boost::asio::ssl::stream_base::client,
         boost::bind(&IFMapStateMachine::ProcHandshakeResponse, state_machine_,