Add configurable security level to Crypto Managerfix/add_configurable_security_level

author: jacobkeeler <jacob.keeler@livioradio.com> 2021-03-31 16:58:25 -0400
committer: jacobkeeler <jacob.keeler@livioradio.com> 2021-03-31 16:58:25 -0400
commit: d15699769133b7ef27d1306702d0fc9e64c2a084 (patch)
tree: a0b237ba00dc20bb2fc5394e1885d1f9d7814ec6
parent: 40cf3dc7afdab7384c7a0f43336c7a88665db240 (diff)
download: sdl_core-fix/add_configurable_security_level.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index 53c61401c3..833fc4da0e 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -54,6 +54,10 @@
 #define TLS1_1_MINIMAL_VERSION 0x1000103fL
 #define CONST_SSL_METHOD_MINIMAL_VERSION 0x00909000L
 
+// Can be configured to have stricter requirements for SSL connections depending
+// on your system's requirements
+#define SECURITY_LEVEL 1
+
 namespace security_manager {
 
 SDL_CREATE_LOG_VARIABLE("SecurityManager")
@@ -233,6 +237,7 @@ bool CryptoManagerImpl::Init() {
   // Disable SSL2 as deprecated
   // TLS 1.2 is the max supported TLS version for SDL
   SSL_CTX_set_options(context_, SSL_OP_NO_SSLv2);
+  SSL_CTX_set_security_level(context_, SECURITY_LEVEL);
 
   SaveCertificateData(get_settings().certificate_data());
author	jacobkeeler <jacob.keeler@livioradio.com>	2021-03-31 16:58:25 -0400
committer	jacobkeeler <jacob.keeler@livioradio.com>	2021-03-31 16:58:25 -0400
commit	d15699769133b7ef27d1306702d0fc9e64c2a084 (patch)
tree	a0b237ba00dc20bb2fc5394e1885d1f9d7814ec6
parent	40cf3dc7afdab7384c7a0f43336c7a88665db240 (diff)
download	sdl_core-fix/add_configurable_security_level.tar.gz