
Mumble: add 'net/sslciphers' hidden setting to allow configuring the …

…client's advertised TLS cipher suites.

Like Murmur's "sslCiphers" option, this option also uses the
OpenSSL cipher list format.

See: https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT
mkrautz committed May 21, 2015
1 parent a3f93f7 commit 8ae710b5890fde6952e58763497262d45d8ae59c
Showing with 23 additions and 8 deletions.
  1. +11 −8 src/mumble/ServerHandler.cpp
  2. +9 −0 src/mumble/Settings.cpp
  3. +3 −0 src/mumble/Settings.h
@@ -100,15 +100,18 @@ ServerHandler::ServerHandler() {
MumbleSSL::addSystemCA();

{
QList<QSslCipher> pref;
foreach(QSslCipher c, QSslSocket::defaultCiphers()) {
if (c.usedBits() < 128)
continue;
pref << c;
QList<QSslCipher> ciphers = MumbleSSL::ciphersFromOpenSSLCipherString(g.s.qsSslCiphers);
if (ciphers.isEmpty()) {
qFatal("Invalid 'net/sslciphers' config option. Either the cipher string is invalid or none of the ciphers are available:: \"%s\"", qPrintable(g.s.qsSslCiphers));
}
if (pref.isEmpty())
qFatal("No ciphers of at least 128 bit found");
QSslSocket::setDefaultCiphers(pref);

QSslSocket::setDefaultCiphers(ciphers);

QStringList pref;
foreach (QSslCipher c, ciphers) {
pref << c.name();
}
qWarning("ServerHandler: TLS cipher preference is \"%s\"", qPrintable(pref.join(QLatin1String(":"))));
}

#ifdef Q_OS_WIN
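Review bot: The replaced block dropped the `usedBits() < 128` floor, so the new code passes whatever `MumbleSSL::ciphersFromOpenSSLCipherString(g.s.qsSslCiphers)` returns straight to `QSslSocket::setDefaultCiphers(ciphers)`. Unless that helper (not visible here) enforces a minimum strength, a 'net/sslciphers' value can silently re-enable sub-128-bit suites that the client previously refused to advertise. I would keep the floor for user-supplied strings and log each suite that gets dropped, as sketched below. The bit-length check does not cover anonymous (unauthenticated) key exchange, so it is also worth confirming that the parser or the default cipher string excludes those. The enclosing ServerHandler constructor continues outside the hunk.

```cpp
QList<QSslCipher> ciphers = MumbleSSL::ciphersFromOpenSSLCipherString(g.s.qsSslCiphers);
// … unchanged: isEmpty() check with qFatal for an invalid 'net/sslciphers' value …

// Keep the previous strength floor even when the list comes from user config.
QList<QSslCipher> strong;
foreach (QSslCipher c, ciphers) {
	if (c.usedBits() < 128) {
		qWarning("ServerHandler: ignoring TLS cipher \"%s\" from 'net/sslciphers' (less than 128 bits)", qPrintable(c.name()));
		continue;
	}
	strong << c;
}
if (strong.isEmpty())
	qFatal("No ciphers of at least 128 bit found");
ciphers = strong;

// … unchanged: setDefaultCiphers(ciphers) and logging of the preference list …
```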
@@ -37,6 +37,8 @@
#include "Cert.h"
#include "Log.h"
#include "Global.h"
#include "SSL.h"

#include "../../overlay/overlay.h"

bool Shortcut::isServerSpecific() const {
@@ -370,6 +372,7 @@ Settings::Settings() {
iMaxImageWidth = 1024; // Allow 1024x1024 resolution
iMaxImageHeight = 1024;
bSuppressIdentity = false;
qsSslCiphers = MumbleSSL::defaultOpenSSLCipherString();

bShowTransmitModeComboBox = false;

@@ -650,6 +653,9 @@ void Settings::load(QSettings* settings_ptr) {
SAVELOAD(iMaxImageHeight, "net/maximageheight");
SAVELOAD(qsRegionalHost, "net/region");

// Network settings - SSL
SAVELOAD(qsSslCiphers, "net/sslciphers");

SAVELOAD(bExpert, "ui/expert");
SAVELOAD(qsLanguage, "ui/language");
SAVELOAD(qsStyle, "ui/style");
@@ -951,6 +957,9 @@ void Settings::save() {
SAVELOAD(iMaxImageHeight, "net/maximageheight");
SAVELOAD(qsRegionalHost, "net/region");

// Network settings - SSL
SAVELOAD(qsSslCiphers, "net/sslciphers");

SAVELOAD(bExpert, "ui/expert");
SAVELOAD(qsLanguage, "ui/language");
SAVELOAD(qsStyle, "ui/style");
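Review bot: The `// Network settings - SSL` comment above `SAVELOAD(qsSslCiphers, "net/sslciphers")` in the Settings::load hunk (and its twin in Settings::save) gives no hint that this value is security-sensitive and is not validated when it is read. Going by the ServerHandler.cpp change on this page, the string is only parsed in the ServerHandler constructor, where a value that yields no usable ciphers ends in `qFatal`. I would document that at the load site: `// OpenSSL cipher list string for the client's TLS suites (hidden setting, no UI).` followed by `// Not validated here; ServerHandler's constructor aborts if it yields no usable ciphers.` Both functions start and end outside the hunks shown.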
@@ -298,6 +298,9 @@ struct Settings {
unsigned short usProxyPort;
QString qsRegionalHost;

// Network settings - SSL
QString qsSslCiphers;

static const int ciDefaultMaxImageSize = 50 * 1024; // Restrict to 50KiB as a default
int iMaxImageSize;
int iMaxImageWidth;

0 comments on commit 8ae710b
