update tls configuration
authoralfadur <mail@none>
Thu, 26 Dec 2019 21:04:37 +0300
changeset 15552 a859f08ebb4f
parent 15551 cc774c6e933e
child 15553 ede5f4ec48f3
update tls configuration
rust/hedgewars-server/src/handlers/inroom.rs
rust/hedgewars-server/src/server/network.rs
--- a/rust/hedgewars-server/src/handlers/inroom.rs	Thu Dec 26 17:39:09 2019 +0300
+++ b/rust/hedgewars-server/src/handlers/inroom.rs	Thu Dec 26 21:04:37 2019 +0300
@@ -51,7 +51,7 @@
 #[cfg(canhazslicepatterns)]
 fn is_msg_valid(msg: &[u8], team_indices: &[u8]) -> bool {
     match msg {
-        [size, typ, body @..] => {
+        [size, typ, body @ ..] => {
             VALID_MESSAGES.contains(typ)
                 && match body {
                     [1..=MAX_HEDGEHOGS_PER_TEAM, team, ..] if *typ == b'h' => {
--- a/rust/hedgewars-server/src/server/network.rs	Thu Dec 26 17:39:09 2019 +0300
+++ b/rust/hedgewars-server/src/server/network.rs	Thu Dec 26 21:04:37 2019 +0300
@@ -722,7 +722,9 @@
             .set_private_key_file("ssl/key.pem", SslFiletype::PEM)
             .expect("Cannot find private key file");
         builder.set_options(SslOptions::NO_COMPRESSION);
-        builder.set_cipher_list("DEFAULT:!LOW:!RC4:!EXP").unwrap();
+        builder.set_options(SslOptions::NO_TLSV1_0);
+        builder.set_options(SslOptions::NO_TLSV1_1);
+        builder.set_cipher_list("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384").unwrap();
         ServerSsl {
             listener,
             context: builder.build(),
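Review bot: The two added `set_options` calls switch off TLS 1.0 and 1.1 one flag at a time, but nothing visible in this hunk switches off SSLv3, so the protocol floor still depends on the defaults of the OpenSSL build the server links against. A single floor states the intent and covers every older version: `builder.set_min_proto_version(Some(SslVersion::TLS1_2)).expect("Cannot set minimum TLS version");` (this needs OpenSSL 1.1.0 or later and `SslVersion` in scope). The TLS 1.0 flag I know in the openssl crate is `SslOptions::NO_TLSV1`, so please confirm that `NO_TLSV1_0` compiles in the configuration that builds this code. The cipher-list call still ends in a bare `.unwrap()`; `.expect("Invalid cipher list")` would match the key-file line above and make a startup failure on a library without these suites easier to diagnose. The enclosing function begins and ends outside the hunk.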