authorAlexandru Scvortov <alexandru@rabbitmq.com>2010-09-13 10:16:20 +0100
committerAlexandru Scvortov <alexandru@rabbitmq.com>2010-09-13 10:16:20 +0100
commitc6346d0a7004228d8238f4221a1303853b5fd466 (patch)
tree25cb93a7c968c2177a10a6ba60a051d05a06aa0c
parent102e9dcfd59ce8dd280f21242cbe41f5912d3750 (diff)
use OTP functions to decide whether a cipher suite uses RC4 or not
-rw-r--r--src/rabbit_networking.erl21
1 files changed, 13 insertions, 8 deletions
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index a2ddfb1490..3dd2d3f744 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -46,6 +46,8 @@
-include("rabbit.hrl").
-include_lib("kernel/include/inet.hrl").
+-include_lib("ssl/src/ssl_record.hrl").
+
-define(RABBIT_TCP_OPTS, [
binary,
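Review bot: The added `-include_lib("ssl/src/ssl_record.hrl").` takes a header from the ssl application's `src` directory rather than its `include` directory, so it looks like an internal file that an OTP installation need not ship or keep stable. A packaged Erlang without the ssl sources, or an OTP upgrade that changes the `security_parameters` record, would break the build or silently change what the RC4 filter compares. The `ssl_cipher` calls in the boot_ssl hunk rest on the same internals. If the dependency stays, put a comment above the include such as `%% internal ssl header, not public API; checked against <OTP releases tested>`.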
@@ -118,14 +120,17 @@ boot_ssl() ->
end,
% In R13B04 and R14A (at least), rc4 is incorrectly implemented.
CipherSuites = proplists:get_value(ciphers, SslOpts, ssl:cipher_suites()),
- FilteredCipherSuites = lists:filter(
- fun ({_, rc4_128, _}) ->
- false;
- (S) when is_list(S) ->
- string:str(S, "RC4") =:= 0;
- (_) ->
- true
- end, CipherSuites),
+ FilteredCipherSuites =
+ [C || C <- CipherSuites,
+ begin
+ SuiteCode = case C of
+ T when is_tuple(C) -> ssl_cipher:suite(T);
+ S when is_list(C) -> ssl_cipher:openssl_suite(S)
+ end,
+ SP = ssl_cipher:security_parameters(SuiteCode,
+ #security_parameters{}),
+ SP#security_parameters.bulk_cipher_algorithm =/= ?RC4
+ end],
SslOpts1 = [{ciphers, FilteredCipherSuites}
| [{K, V} || {K, V} <- SslOpts, K =/= ciphers]],
[start_ssl_listener(Host, Port, SslOpts1) || {Host, Port} <- SslListeners],
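Review bot: The new `case C of` in the comprehension has no clause for an entry that is neither a tuple nor a list, and `ssl_cipher:suite/1` and `ssl_cipher:openssl_suite/1` are called on whatever the `ciphers` option holds. A mistyped or unsupported suite in the configuration would presumably stop boot_ssl with a bare case_clause or function_clause instead of an error naming the suite. The removed filter let unrecognised entries through, so failing is the safer direction for an RC4 exclusion, but the failure should identify the offending entry. Moving the test into a small helper does that and also lets the guards test the bound variable (`T when is_tuple(T)`) rather than `C`. boot_ssl starts above this hunk and may continue below it.

```erlang
    FilteredCipherSuites = [C || C <- CipherSuites, not uses_rc4(C)],
    %% … unchanged: SslOpts1 construction and start_ssl_listener calls …

%% True when the suite's bulk cipher is RC4; exits with a named reason
%% when the entry cannot be resolved to a suite code.
uses_rc4(C) ->
    SuiteCode = try
                    case C of
                        T when is_tuple(T) -> ssl_cipher:suite(T);
                        S when is_list(S)  -> ssl_cipher:openssl_suite(S)
                    end
                catch
                    error:_ -> exit({invalid_cipher_suite, C})
                end,
    SP = ssl_cipher:security_parameters(SuiteCode, #security_parameters{}),
    SP#security_parameters.bulk_cipher_algorithm =:= ?RC4.
```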