Merge pull request #381

2373d8b Package: update symlink for reseed.atomike.ninja.crt (anonimal) 4313e28 HTTP: update SSL options + set ciphers (anonimal)
monero-project · Oct 1, 2016 · dc49bd6 · dc49bd6
2 parents 0613a87 + 2373d8b
commit dc49bd6
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/pkg/certificates/ssl/reseed.atomike.ninja.crt b/pkg/certificates/ssl/reseed.atomike.ninja.crt
@@ -1 +1 @@
-2e5ac55d.0
+ca-certificates.crt
diff --git a/src/client/util/http.cc b/src/client/util/http.cc
@@ -111,8 +111,14 @@ bool HTTP::DownloadViaClearnet() {
     }
     // Set SSL options
     options
+      .always_verify_peer(true)
       .openssl_certificate(cert_path.string())
-      .openssl_sni_hostname(uri.host());
+      .openssl_sni_hostname(uri.host())
+      .openssl_ciphers(
+          "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES"
+          ":ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES"
+          ":!aNULL:!MD5")
+      .openssl_options(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_ALL);
   }
   // Create client with options
   Client client(options);