Disable SSLv2 and SSLv3 protocol. Add sslciphers option

coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

Other

516 stars 258 forks source link

Disable SSLv2 and SSLv3 protocol. Add sslciphers option #228

Closed pr0gg3d closed 8 years ago

pr0gg3d commented 8 years ago

This patch:

Disables SSLv2 and SSLv3 since they are no more secure (like POODLE, DROWN, etc).
Allow explicitly specify SSL ciphers (like apache and other do) via sslciphers configuration option. This enable users to exclude some low ciphers if they want.

sevan commented 8 years ago

Hi, Thanks for the pull request, will try & look at it later today (Sunday) for you. I committed some bits related to this before Christmas but never received any feedback. https://github.com/sevan/coova-chilli/tree/poodle

pr0gg3d commented 8 years ago

@sevan Thanks for interesting! I still undecided if we should differentiate the cipher list (and protocols) between server (used for redirection on port 3991) and client (that will be used for RadSec).

For sure server is way more important since it's exposed to (untrusted) hotspot clients.

pr0gg3d commented 8 years ago

Hi, any news on this?