[security] Disable TLS 1.0 in stream extension URLs
The stream extension has the functions `stream_socket_server` and
`stream_socket_client` which accept URLs. When a URL starts with
`tls://` it would previously allow TLS 1.0 connections.

TLS 1.0 is deprecated and considered insecure.
Wilfred committed Jan 20, 2023
1 parent 1df824e commit 083f5ff
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions hphp/runtime/base/ssl-socket.cpp
Expand Up @@ -499,7 +499,7 @@ bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) {
break;
case CryptoMethod::ClientTLS:
m_data->m_client = true;
smethod = TLSv1_client_method();
smethod = TLS_client_method();
break;
case CryptoMethod::ServerSSLv23:
m_data->m_client = false;
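Review bot: No minimum protocol version is set in the `ClientTLS` case. `TLS_client_method()` is OpenSSL's version-flexible method and negotiates the highest version both peers support, so whether a TLS 1.0 handshake is actually refused depends on context options set outside this hunk or on the library's defaults. If `setupCrypto` does not already restrict the context elsewhere, set an explicit floor once the context exists, for example `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` (with `ctx` standing for whatever the context variable is called in this function), so that the behaviour named in the commit title does not depend on how OpenSSL was built or configured.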
Expand Down Expand Up @@ -542,7 +542,7 @@ bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) {

case CryptoMethod::ServerTLS:
m_data->m_client = false;
smethod = TLSv1_server_method();
smethod = TLS_server_method();
break;
default:
return false;
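Review bot: `TLS_server_method()` in the `ServerTLS` case exists only from OpenSSL 1.1.0 onward, and the hunk has no version guard or fallback. If older OpenSSL builds are still supported, this needs a guard on `OPENSSL_VERSION_NUMBER` with `SSLv23_server_method()` plus `SSL_OP_NO_TLSv1` as the alternative; if they are not, a short comment saying so would help. Since the accepted versions for a `tls://` server are now decided by the context options rather than by this switch, a test asserting that a TLS 1.0-only client is rejected by `stream_socket_server` would pin the intended behaviour.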