From 13ab20037268c1107a396935ca76086de2794ae3 Mon Sep 17 00:00:00 2001
From: Vlad Lipskiy
Date: Fri, 2 Apr 2021 18:01:44 +0300
Subject: [PATCH 1/2] Enables TLS 1.3 support in server_https.
---
 server_https.hpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/server_https.hpp b/server_https.hpp
index 48ae673..c563078 100644
--- a/server_https.hpp
+++ b/server_https.hpp
@@ -28,7 +28,11 @@ namespace SimpleWeb {
 * @param verify_file If non-empty, use this certificate authority file to perform verification of client's certificate and hostname according to RFC 2818.
 */
 Server(const std::string &certification_file, const std::string &private_key_file, const std::string &verify_file = std::string())
- : ServerBase::ServerBase(443), context(asio::ssl::context::tlsv12) {
+ : ServerBase::ServerBase(443), context(asio::ssl::context::tls_server) {
+ // Disabling TLS 1.0 and 1.1 (see RFC 8996)
+ context.set_options(asio::ssl::context::no_tlsv1);
+ context.set_options(asio::ssl::context::no_tlsv1_1);
+
 context.use_certificate_chain_file(certification_file);
 context.use_private_key_file(private_key_file, asio::ssl::context::pem);
From d60136d6b278e94c3b754c35cb5dd602a6c66385 Mon Sep 17 00:00:00 2001
From: Vlad Lipskiy
Date: Fri, 9 Apr 2021 12:31:28 +0300
Subject: [PATCH 2/2] Replaces context::tls_server with context::ssl23_server to support older boost versions. tls, tls_client and tls_server contexts were added only in boost 1.63.
---
 server_https.hpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/server_https.hpp b/server_https.hpp
index c563078..c699995 100644
--- a/server_https.hpp
+++ b/server_https.hpp
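Review bot: The constructor's doc comment in PATCH 1/2 still does not say which protocol versions the server accepts, and after this change that is no longer readable from the context type alone: `tls_server` with `no_tlsv1` and `no_tlsv1_1` leaves TLS 1.2 as the floor, while TLS 1.3 is only negotiated when the linked OpenSSL provides it (1.1.1 or later). I would add a line such as `* Accepts TLS 1.2 and newer; TLS 1.3 needs an OpenSSL build that provides it.` to the comment block above `Server(...)`. As a style point, the two `set_options` calls can be a single call, `context.set_options(asio::ssl::context::no_tlsv1 | asio::ssl::context::no_tlsv1_1);`, and the same applies to the four calls in PATCH 2/2. The constructor body continues past the end of the hunk.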
@@ -28,8 +28,12 @@ namespace SimpleWeb {
 * @param verify_file If non-empty, use this certificate authority file to perform verification of client's certificate and hostname according to RFC 2818.
 */
 Server(const std::string &certification_file, const std::string &private_key_file, const std::string &verify_file = std::string())
- : ServerBase::ServerBase(443), context(asio::ssl::context::tls_server) {
- // Disabling TLS 1.0 and 1.1 (see RFC 8996)
+ : ServerBase::ServerBase(443),
+ // This includes TLS as well
+ context(asio::ssl::context::sslv23_server) {
+ // Disabling SSL, TLS 1.0 and 1.1 (see RFC 8996)
+ context.set_options(asio::ssl::context::no_sslv2);
+ context.set_options(asio::ssl::context::no_sslv3);
 context.set_options(asio::ssl::context::no_tlsv1);
 context.set_options(asio::ssl::context::no_tlsv1_1);
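Review bot: The TLS 1.2 floor now rests entirely on the four `no_*` options applied to a version-flexible `sslv23_server` context, and the inline comment `// This includes TLS as well` does not say so. A maintainer who later drops one of those calls would, depending on the OpenSSL build, re-enable a deprecated protocol without any compile-time signal. I would reword the comment to something like `// sslv23_server offers every protocol the OpenSSL build has; the no_* options below narrow it to TLS 1.2+`. A small regression test asserting that a handshake restricted to TLS 1.1 is refused would also keep the floor from silently moving. The constructor body continues outside the hunk.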