author | sawanoboly <sawanoboriyu@higanworks.com> | 2014-11-27 11:57:39 +0900 |
---|---|---|
committer | sawanoboly <sawanoboriyu@higanworks.com> | 2014-11-27 11:57:39 +0900 |
commit | c3ba7bd3ee1c7226381cbaf3f7ff54bb5f60491a (patch) | |
tree | a87e6a11f68863188eb38b7fe023c6e63de6d454 | |
parent | 8788aa9da7f3c420bcab8d001208d4cb2cfc4883 (diff) | |
download | chef-zero-c3ba7bd3ee1c7226381cbaf3f7ff54bb5f60491a.tar.gz |
disable sslv3 and few unsecure options
-rw-r--r-- | lib/chef_zero/server.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/chef_zero/server.rb b/lib/chef_zero/server.rb
index fb2b127..d8ae623 100644
--- a/lib/chef_zero/server.rb
+++ b/lib/chef_zero/server.rb
@@ -234,6 +234,7 @@ module ChefZero
 :AccessLog => [],
 :Logger => WEBrick::Log.new(StringIO.new, 7),
 :SSLEnable => options[:ssl],
+ :SSLOptions => ssl_opts,
 :SSLCertName => [ [ 'CN', WEBrick::Utils::getservername ] ],
 :StartCallback => proc {
 @running = true
@@ -597,5 +598,16 @@ module ChefZero
 end
 value
 end
+
+ ## Disable unsecure ssl
+ ## Ref: https://www.ruby-lang.org/en/news/2014/10/27/changing-default-settings-of-ext-openssl/
+ def ssl_opts
+ ssl_opts = OpenSSL::SSL::OP_ALL
+ ssl_opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+ ssl_opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+ ssl_opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+ ssl_opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+ ssl_opts
+ end
 end
 end |
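Review bot: The `defined?` guards in `ssl_opts` fail open: if the OpenSSL binding in use does not expose `OpenSSL::SSL::OP_NO_SSLv3` or `OP_NO_SSLv2`, the flag is skipped silently and the listener starts with that protocol still negotiable, which is the state this commit sets out to remove. A line such as `warn 'OpenSSL::SSL::OP_NO_SSLv3 unavailable; SSLv3 is not disabled' unless defined?(OpenSSL::SSL::OP_NO_SSLv3)` would make that case visible to whoever operates the server. The local `ssl_opts` also shadows the method of the same name, so `opts = OpenSSL::SSL::OP_ALL` would read more clearly, and the header comment could state that the mask mirrors the defaults described at the referenced ruby-lang.org announcement. The mask covers protocol and compression flags only, so cipher selection presumably stays at the library default. The enclosing class begins outside the hunk, so it is not visible whether the new method ends up under `private`.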