add a new flag to enforce tls1.2
parent
bc8b4ade1c
commit
7ce4d8b196
@ -2895,6 +2895,10 @@ int freerdp_client_settings_parse_command_line_arguments(rdpSettings* settings,
|
||||
|
||||
settings->TlsSecLevel = (UINT32)val;
|
||||
}
|
||||
CommandLineSwitchCase(arg, "enforce-tlsv1_2")
|
||||
{
|
||||
settings->EnforceTLSv1_2 = enable;
|
||||
}
|
||||
CommandLineSwitchCase(arg, "cert")
|
||||
{
|
||||
int rc = 0;
|
||||
|
@ -369,6 +369,8 @@ static const COMMAND_LINE_ARGUMENT_A global_cmd_args[] = {
|
||||
"Allowed TLS ciphers" },
|
||||
{ "tls-seclevel", COMMAND_LINE_VALUE_REQUIRED, "<level>", "1", NULL, -1, NULL,
|
||||
"TLS security level - defaults to 1" },
|
||||
{ "enforce-tlsv1_2", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueFalse, NULL, -1, NULL,
|
||||
"Use TLS1.2 for connection." },
|
||||
{ "toggle-fullscreen", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
|
||||
"Alt+Ctrl+Enter to toggle fullscreen" },
|
||||
{ "tune", COMMAND_LINE_VALUE_REQUIRED, "<setting:value>,<setting:value>", "", NULL, -1, NULL,
|
||||
|
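Review bot: The help text `"Use TLS1.2 for connection."` does not say whether the switch sets a minimum or pins the version. As wired in the `tls_prep` hunk on this page, the flag selects a TLS 1.2-only method, so a server offering TLS 1.3 is negotiated down to 1.2, and one offering only TLS 1.3 fails the handshake. I would spell that out, for example `"Restrict the connection to TLS 1.2 only (TLS 1.3 and older versions are not negotiated)"`. The `global_cmd_args` table starts and ends outside the hunk.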
@ -635,6 +635,7 @@ typedef struct
|
||||
#define FreeRDP_NtlmSamFile (1103)
|
||||
#define FreeRDP_FIPSMode (1104)
|
||||
#define FreeRDP_TlsSecLevel (1105)
|
||||
#define FreeRDP_EnforceTLSv1_2 (1107)
|
||||
#define FreeRDP_SspiModule (1106)
|
||||
#define FreeRDP_MstscCookieMode (1152)
|
||||
#define FreeRDP_CookieMaxLength (1153)
|
||||
@ -1123,7 +1124,8 @@ struct rdp_settings
|
||||
ALIGN64 BOOL FIPSMode; /* 1104 */
|
||||
ALIGN64 UINT32 TlsSecLevel; /* 1105 */
|
||||
ALIGN64 char* SspiModule; /* 1106 */
|
||||
UINT64 padding1152[1152 - 1107]; /* 1107 */
|
||||
ALIGN64 BOOL EnforceTLSv1_2; /* 1107 */
|
||||
UINT64 padding1152[1152 - 1108]; /* 1108 */
|
||||
|
||||
/* Connection Cookie */
|
||||
ALIGN64 BOOL MstscCookieMode; /* 1152 */
|
||||
|
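Review bot: `#define FreeRDP_EnforceTLSv1_2 (1107)` is inserted before `FreeRDP_SspiModule (1106)`, so the key list is no longer in numeric order, while the struct hunk places the field after `SspiModule`. Moving the define below 1106 keeps the two lists parallel and makes a future slot collision easier to spot. Nothing on this page touches the code that looks settings up by key or copies them, so if this tree keeps such tables it is worth confirming the new key is handled there. `struct rdp_settings` and the define list both continue outside the hunks.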
@ -862,7 +862,7 @@ int tls_connect(rdpTls* tls, BIO* underlying)
|
||||
|
||||
if (!tls_prepare(tls, underlying, SSLv23_client_method(), options, TRUE))
|
||||
#else
|
||||
if (!tls_prepare(tls, underlying, TLS_client_method(), options, TRUE))
|
||||
if (!tls_prep(tls, underlying, options, TRUE))
|
||||
#endif
|
||||
return 0;
|
||||
|
||||
@ -872,6 +872,18 @@ int tls_connect(rdpTls* tls, BIO* underlying)
|
||||
return tls_do_handshake(tls, TRUE);
|
||||
}
|
||||
|
||||
BOOL tls_prep(rdpTls* tls, BIO* underlying, int options, BOOL clientMode)
|
||||
{
|
||||
if (tls->settings->EnforceTLSv1_2)
|
||||
{
|
||||
return tls_prepare(tls, underlying, TLSv1_2_client_method(), options, TRUE);
|
||||
}
|
||||
else
|
||||
{
|
||||
return tls_prepare(tls, underlying, TLS_client_method(), options, TRUE);
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MICROSOFT_IOS_SNI_BUG) && !defined(OPENSSL_NO_TLSEXT) && \
|
||||
!defined(LIBRESSL_VERSION_NUMBER)
|
||||
static void tls_openssl_tlsext_debug_callback(SSL* s, int client_server, int type,
|
||||
|
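Review bot: `tls_prep` enforces the flag by switching to `TLSv1_2_client_method()`, which pins the handshake to exactly TLS 1.2 and is deprecated since OpenSSL 1.1.0. If the intent is "nothing older than 1.2", keep `TLS_client_method()` and set a floor with `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)` where the context is created, presumably inside `tls_prepare`, which this page does not show. The `SSLv23_client_method()` branch above `#else` never consults `EnforceTLSv1_2`, so on builds that take it the option appears to be silently ignored; it should either be honoured there or rejected with an error. `tls_prep` also drops its `clientMode` argument (both calls pass a literal `TRUE`; `clientMode` should be forwarded). It is defined after its use in `tls_connect`, with no prototype visible on this page, and is not `static`.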