made cipher spec configurable
kraih committed Oct 16, 2013
1 parent 24a684f commit 71d1997
Showing 6 changed files with 41 additions and 17 deletions.
4 changes: 4 additions & 0 deletions Changes
@@ -1,4 +1,8 @@

4.49 2013-10-17
- Added tls_ciphers option to Mojo::IOLoop::Server::listen.
- Added ciphers parameter to Mojo::Server::Daemon::listen.

4.48 2013-10-16
- Fixed support for Net::SSLeay 1.55.

10 changes: 8 additions & 2 deletions lib/Mojo/IOLoop/Server.pm
Expand Up @@ -90,8 +90,8 @@ sub listen {
# Prioritize RC4 to mitigate BEAST attack
my $options = $self->{tls} = {
SSL_cert_file => $args->{tls_cert} || $CERT,
SSL_cipher_list =>
'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
SSL_cipher_list => $args->{tls_ciphers}
// 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
SSL_honor_cipher_order => 1,
SSL_key_file => $args->{tls_key} || $KEY,
SSL_startHandshake => 0,
Expand Down Expand Up @@ -284,6 +284,12 @@ Path to TLS certificate authority file.
Path to the TLS cert file, defaults to a built-in test certificate.
=item tls_ciphers
tls_ciphers => 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH'
Cipher specification string.
=item tls_key
tls_key => '/etc/tls/server.key'
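Review bot: The new `SSL_cipher_list` line uses `//`, so an explicitly empty `tls_ciphers` (and, through Daemon.pm's new `tls_ciphers => scalar $query->param('ciphers')`, a listen URL carrying a bare `ciphers=`) is handed down as an empty cipher list instead of falling back to the default, while `tls_cert` and `tls_key` in the same hash use `||`; since an empty cipher list is never a meaningful configuration, `SSL_cipher_list => $args->{tls_ciphers} || '...'` would keep the three options consistent. The comment above the hash now describes only the fallback, so I would reword it to `# Default cipher list prioritizes RC4 to mitigate BEAST attack; a caller-supplied tls_ciphers replaces it entirely, and with SSL_honor_cipher_order its order becomes the server's preference`. The POD entry added in the second hunk, `Cipher specification string.`, would serve operators better as `Cipher specification string in OpenSSL cipher list format, passed through without validation; defaults to the RC4-prioritized list used by listen.` The listen sub continues outside the hunk.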
21 changes: 14 additions & 7 deletions lib/Mojo/Server/Daemon.pm
Expand Up @@ -163,13 +163,14 @@ sub _listen {
my $url = Mojo::URL->new($listen);
my $query = $url->query;
my $options = {
address => $url->host,
backlog => $self->backlog,
port => $url->port,
reuse => scalar $query->param('reuse'),
tls_ca => scalar $query->param('ca'),
tls_cert => scalar $query->param('cert'),
tls_key => scalar $query->param('key')
address => $url->host,
backlog => $self->backlog,
port => $url->port,
reuse => scalar $query->param('reuse'),
tls_ca => scalar $query->param('ca'),
tls_cert => scalar $query->param('cert'),
tls_ciphers => scalar $query->param('ciphers'),
tls_key => scalar $query->param('key')
};
my $verify = $query->param('verify');
$options->{tls_verify} = hex $verify if defined $verify;
Expand Down Expand Up @@ -394,6 +395,12 @@ Path to TLS certificate authority file.
Path to the TLS cert file, defaults to a built-in test certificate.
=item ciphers
ciphers=AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Cipher specification string.
=item key
key=/etc/tls/server.key
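Review bot: The `ciphers` value is read from the listen URL's query string, and OpenSSL cipher-list syntax uses `+` as an operator (for example `ECDHE+AES128`); if the query parser decodes `+` to a space, as form-style decoding does, such a spec would be silently mangled unless the caller writes `%2B`, and the new POD entry says nothing about this. I would extend `Cipher specification string.` to `Cipher specification string in OpenSSL cipher list format, passed as the tls_ciphers option of Mojo::IOLoop::Server::listen; a literal + must be written as %2B in the listen URL.` The `_listen` sub continues outside the hunk.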
2 changes: 1 addition & 1 deletion lib/Mojolicious.pm
Expand Up @@ -43,7 +43,7 @@ has types => sub { Mojolicious::Types->new };
has validator => sub { Mojolicious::Validator->new };

our $CODENAME = 'Top Hat';
our $VERSION = '4.48';
our $VERSION = '4.49';

sub AUTOLOAD {
my $self = shift;
18 changes: 11 additions & 7 deletions t/mojo/ioloop_tls.t
Expand Up @@ -311,15 +311,17 @@ ok $client_err, 'has error';
# Ignore invalid client certificate
$loop = Mojo::IOLoop->new;
$port = Mojo::IOLoop->generate_port;
my $cipher;
($server, $client, $client_err) = ();
$loop->server(
address => '127.0.0.1',
port => $port,
tls => 1,
tls_ca => 't/mojo/certs/ca.crt',
tls_cert => 't/mojo/certs/server.crt',
tls_key => 't/mojo/certs/server.key',
tls_verify => 0x00,
address => '127.0.0.1',
port => $port,
tls => 1,
tls_ca => 't/mojo/certs/ca.crt',
tls_cert => 't/mojo/certs/server.crt',
tls_ciphers => 'RC4-MD5:ALL',
tls_key => 't/mojo/certs/server.key',
tls_verify => 0x00,
sub {
my ($loop, $stream) = @_;
$stream->on(close => sub { $loop->stop });
Expand All @@ -336,11 +338,13 @@ $loop->client(
$stream->timeout(0.5);
$client_err = $err;
$client = 'connected';
$cipher = $stream->handle->get_cipher;
}
);
$loop->start;
is $server, 'accepted', 'right result';
is $client, 'connected', 'right result';
ok !$client_err, 'no error';
is $cipher, 'RC4-MD5', 'RC4-MD5 has been negotiatied';

done_testing();
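Review bot: The assertion `is $cipher, 'RC4-MD5', ...` hard-wires a cipher that OpenSSL builds with RC4 or MD5 compiled out will not offer, so this test (and the matching check added in t/mojo/user_agent_tls.t) fails there instead of skipping; either a skip guard when the cipher is unavailable or a cipher that every supported build still offers would keep the suite portable. The description string `'RC4-MD5 has been negotiatied'` is misspelled in both tests and should read `'RC4-MD5 has been negotiated'`. The `$loop->client(` call whose callback assigns `$cipher` begins outside the second hunk.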
3 changes: 3 additions & 0 deletions t/mojo/user_agent_tls.t
Expand Up @@ -128,6 +128,7 @@ $listen
. '?cert=t/mojo/certs/server.crt'
. '&key=t/mojo/certs/server.key'
. '&ca=t/mojo/certs/ca.crt'
. '&ciphers=RC4-MD5:ALL'
. '&verify=0x00';
$daemon->listen([$listen])->start;

Expand All @@ -137,5 +138,7 @@ $ua->cert('t/mojo/certs/badclient.crt')->key('t/mojo/certs/badclient.key');
$tx = $ua->get("https://localhost:$port");
ok $tx->success, 'successful';
ok !$tx->error, 'no error';
is $ua->ioloop->stream($tx->connection)->handle->get_cipher, 'RC4-MD5',
'RC4-MD5 has been negotiatied';

done_testing();
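Review bot: `$ua->ioloop->stream($tx->connection)->handle->get_cipher` chains through a stream lookup that, if the connection has already been closed by the time the check runs, would presumably yield undef and turn the test into a method-on-undef die rather than a failed assertion. Capturing the stream first, `my $stream = $ua->ioloop->stream($tx->connection); ok $stream, 'connection still open';`, and then asserting on `$stream->handle->get_cipher` gives a clear diagnostic in that case.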
