gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

支持通过拦截策略指定ssl最大和最小版本号。

Browse Source
This commit is contained in:
zhengchao
2019-05-24 14:20:44 +08:00
parent 6b197e3347
commit f66658117a
2 changed files with 34 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugin/business/ssl-policy/src/ssl_policy.cpp
View File

@@ -185,8 +185,8 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
int pinning_staus=0, is_ev=0, is_ct=0, is_mauth=0, has_error=0;
if(!param->mirror_client_version)
{
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, SSL3_VERSION);
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, TLS1_3_VERSION);
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, param->ssl_min_version);
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MAX_VERSION, param->ssl_max_version);
}
ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME, param->no_verify_cn);
ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_ISSUER, param->no_verify_issuer);