allow the TLS protocol version to be configured (closes #844)
kraih committed Sep 12, 2015
1 parent e88df60 commit 3ca46ad
Showing 4 changed files with 24 additions and 5 deletions.
4 changes: 3 additions & 1 deletion Changes
@@ -1,7 +1,9 @@

6.19 2015-09-11
6.19 2015-09-12
- Added code of conduct to Mojolicious::Guides::Contributing.
- Added ignore attribute to Mojo::UserAgent::CookieJar.
- Added tls_version option to Mojo::IOLoop::Server::listen.
- Added version parameter to Mojo::Server::Daemon::listen.

6.18 2015-09-02
- Improved portability of slurp function in Mojo::Util.
9 changes: 8 additions & 1 deletion lib/Mojo/IOLoop/Server.pm
Expand Up @@ -97,6 +97,7 @@ sub listen {
$tls->{SSL_ca_file} = $args->{tls_ca}
if $args->{tls_ca} && -T $args->{tls_ca};
$tls->{SSL_cipher_list} = $args->{tls_ciphers} if $args->{tls_ciphers};
$tls->{SSL_version} = $args->{tls_version} if $args->{tls_version};
}

sub port { shift->{handle}->sockport }
Expand Down Expand Up @@ -287,7 +288,7 @@ Path to the TLS cert file, defaults to a built-in test certificate.
tls_ciphers => 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH'
Cipher specification string. For more information about the format see
TLS cipher specification string. For more information about the format see
L<https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-STRINGS>.
=item tls_key
Expand All @@ -302,6 +303,12 @@ Path to the TLS key file, defaults to a built-in test key.
TLS verification mode, defaults to C<0x03>.
=item tls_version
tls_version => 'TLSv1_2'
TLS protocol version.
=back
=head2 port
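Review bot: The added `$tls->{SSL_version} = $args->{tls_version} if $args->{tls_version};` line in `listen` forwards the caller's string unchecked, so nothing at this layer stops a listener from being pinned to SSLv3 (the value this commit's own test uses) or to another legacy protocol. If legacy values are meant to stay possible, I would say so next to the assignment, for example `# Passed through as-is; legacy values such as SSLv3 are not rejected here`, and otherwise reject them before the handshake options are built. The same unchecked value also arrives from the listen URL through `_listen` in lib/Mojo/Server/Daemon.pm. `listen` begins above this hunk, so any earlier handling of `$args` is not visible here.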
10 changes: 8 additions & 2 deletions lib/Mojo/Server/Daemon.pm
Expand Up @@ -158,7 +158,7 @@ sub _listen {
reuse => $query->param('reuse')
};
if (my $port = $url->port) { $options->{port} = $port }
$options->{"tls_$_"} = $query->param($_) for qw(ca cert ciphers key);
$options->{"tls_$_"} = $query->param($_) for qw(ca cert ciphers key version);
my $verify = $query->param('verify');
$options->{tls_verify} = hex $verify if defined $verify;
delete $options->{address} if $options->{address} eq '*';
Expand Down Expand Up @@ -392,7 +392,7 @@ Path to the TLS cert file, defaults to a built-in test certificate.
ciphers=AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Cipher specification string. For more information about the format see
TLS cipher specification string. For more information about the format see
L<https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-STRINGS>.
=item key
Expand All @@ -414,6 +414,12 @@ option.
TLS verification mode, defaults to C<0x03>.
=item version
version=TLSv1_2
TLS protocol version.
=back
=head2 max_clients
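Review bot: The new `=item version` entry documents a security-relevant setting with only "TLS protocol version.", which tells an operator neither which values are accepted nor what happens when the parameter is omitted. I would expand it to something like `TLS protocol version, forwarded as C<SSL_version> to L<IO::Socket::SSL>; when omitted, the IO::Socket::SSL default applies.` It is also worth stating whether a single name such as the example `TLSv1_2` restricts the listener to exactly that version rather than setting a minimum; as far as I know IO::Socket::SSL treats it as an exact pin, but please confirm before documenting it. The `=item tls_version` entry in lib/Mojo/IOLoop/Server.pm carries the same one-line text and would benefit from the same wording.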
6 changes: 5 additions & 1 deletion t/mojo/user_agent_tls.t
Expand Up @@ -85,17 +85,21 @@ $listen
. '&key=t/mojo/certs/server.key'
. '&ca=t/mojo/certs/ca.crt'
. '&ciphers=RC4-SHA:ALL'
. '&verify=0x00';
. '&verify=0x00'
. '&version=SSLv3';
$daemon->listen([$listen])->start;
$port = Mojo::IOLoop->acceptor($daemon->acceptors->[0])->port;

# Invalid certificate
$ua = Mojo::UserAgent->new(ioloop => $ua->ioloop);
$ua->cert('t/mojo/certs/bad.crt')->key('t/mojo/certs/bad.key');
IO::Socket::SSL::set_defaults(SSL_version => 'SSLv3');
$tx = $ua->get("https://127.0.0.1:$port");
ok $tx->success, 'successful';
ok !$tx->error, 'no error';
is $ua->ioloop->stream($tx->connection)->handle->get_cipher, 'RC4-SHA',
'RC4-SHA has been negotiatied';
is $ua->ioloop->stream($tx->connection)->handle->get_sslversion, 'SSLv3',
'SSLv3 has been negotiatied';

done_testing();
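Review bot: The only coverage for the new option negotiates `SSLv3`, which many OpenSSL builds compile out, so this block can fail for reasons unrelated to Mojolicious and keeps the suite dependent on a protocol that should not be in use. The option is exercised just as well with a TLS value: `. '&version=TLSv1';`, `IO::Socket::SSL::set_defaults(SSL_version => 'TLSv1');` and an expected `get_sslversion` of `'TLSv1'` (please confirm the exact string it returns). `set_defaults` also changes a process-wide default that is never restored, which is harmless only while this stays the last block before `done_testing()`. The two test descriptions misspell "negotiated" as "negotiatied".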
