From 1c79adc004203d7819d938a9046970bd242a6eac Mon Sep 17 00:00:00 2001
From: JackLivio
Date: Wed, 23 Mar 2022 17:03:25 -0400
Subject: Set secure wss cipher list (#3885)
* Set secure wss cipher list
* Update src/components/transport_manager/src/cloud/websocket_client_connection.cc
Co-authored-by: Jacob Keeler
Co-authored-by: Jacob Keeler
---
 .../transport_manager/src/cloud/websocket_client_connection.cc | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/components/transport_manager/src/cloud/websocket_client_connection.cc b/src/components/transport_manager/src/cloud/websocket_client_connection.cc
index e0fcbd983b..6a28c6a7ff 100644
--- a/src/components/transport_manager/src/cloud/websocket_client_connection.cc
+++ b/src/components/transport_manager/src/cloud/websocket_client_connection.cc
@@ -50,7 +50,7 @@ WebsocketClientConnection::WebsocketClientConnection(
 , resolver_(ioc_)
 , ws_(ioc_)
 #ifdef ENABLE_SECURITY
- , ctx_(ssl::context::sslv23_client)
+ , ctx_(ssl::context::tlsv12_client)
 , wss_(ioc_, ctx_)
 #endif // ENABLE_SECURITY
 , shutdown_(false)
@@ -59,6 +59,14 @@ WebsocketClientConnection::WebsocketClientConnection(
 , device_uid_(device_uid)
 , app_handle_(app_handle)
 , io_pool_(1) {
+#ifdef ENABLE_SECURITY
+ const char* wss_ciphers =
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-"
+ "CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-"
+ "SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-"
+ "AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
+ SSL_CTX_set_cipher_list(ctx_.native_handle(), wss_ciphers);
+#endif
 }
 
 WebsocketClientConnection::~WebsocketClientConnection() {
-- 
cgit v1.2.1
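Review bot: `ssl::context::tlsv12_client` on the changed `ctx_` initializer pins the client to exactly TLS 1.2 instead of setting a minimum, so an endpoint that also offers TLS 1.3 is held at 1.2 and one that offers only 1.3 cannot be reached. If the Boost version this project builds against provides it, the generic method plus explicit exclusions expresses "1.2 or newer": `, ctx_(ssl::context::tls_client)` with `ctx_.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3 | ssl::context::no_tlsv1 | ssl::context::no_tlsv1_1);` in the constructor body. If the pin is deliberate, a comment on that line such as `// TLS 1.2 only: <reason>` would keep a later maintainer from loosening it or mistaking it for a floor. The constructor's signature and the start of its initializer list lie outside this hunk.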
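Review bot: The return value of `SSL_CTX_set_cipher_list` in the added `#ifdef ENABLE_SECURITY` block is discarded, so if OpenSSL can select no cipher from the string the call fails silently and the handshake presumably proceeds with whatever list the context already held. Check it and fail visibly, e.g. `if (SSL_CTX_set_cipher_list(ctx_.native_handle(), wss_ciphers) != 1) { /* log through the file's logger and refuse to start the wss transport */ }`. This call governs only TLS 1.2-and-earlier suites; TLS 1.3 suites are set through `SSL_CTX_set_ciphersuites`, which becomes relevant if the protocol method is ever widened. The last four entries are CBC-mode suites, so a comment such as `// AEAD suites first; CBC-SHA2 entries kept for compatibility with <peer>` would record why they are allowed. The constructor begins outside this hunk, so whether peer verification is configured elsewhere cannot be judged from here.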