View Issue Details

ID: 0003391
Project: libmicrohttpd
Category:
View Status: public
Last Update: 2021-09-02 17:54
Reporter: msmeissn
Assigned To: Christian Grothoff
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Linux
OS: Linux
Product Version: Git master
Target Version: 0.9.35
Fixed in Version: 0.9.35
Summary: 0003391: insecure default cipher left from debugging
Description:
libmicrohttpd-0.9.30/src/microspdy/io_openssl.c
has:

    //TODO only RC4-SHA is used to make it easy to debug with wireshark
    if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "RC4-SHA"))
    {
        SPDYF_DEBUG("Couldn't set the desired cipher list");
        SSL_CTX_free(daemon->io_context);
        return SPDY_NO;
    }

This is an insecure cipher... and probably left from debugging.

Please use the default openssl cipher suite at least.
Steps To Reproduce: source review
Tags: No tags attached.
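
An added example, not part of this tracker entry or of the libmicrohttpd code: a small script that automates the source review above by finding hard-coded SSL_CTX_set_cipher_list literals in C source and reporting weak suites they name or that the local OpenSSL enables for them. The marker list and the function names are assumptions of this example, and the sample input is the snippet from the description, trimmed.

```python
import re
import ssl

# Name fragments treated as weak here (assumed policy for this example).
WEAK_MARKERS = ("RC4", "NULL", "EXP", "DES-CBC", "MD5", "ADH", "AECDH")
# A call whose cipher list argument is a string literal.
CALL_RE = re.compile(r'SSL_CTX_set_cipher_list\s*\([^,]+,\s*"([^"]*)"\s*\)')

# Constructed sample input: the snippet quoted in the description, trimmed.
SAMPLE = '''\
//TODO only RC4-SHA is used to make it easy to debug with wireshark
if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "RC4-SHA"))
{
    SPDYF_DEBUG("Couldn't set the desired cipher list");
}
'''

def weak_suites(names):
    """Return the names that contain a weak marker, in input order."""
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]

def expand(cipher_string):
    """Suites the local OpenSSL enables for the string, or None if it rejects it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # e.g. a build without RC4 cannot select anything
        return None
    return [c["name"] for c in ctx.get_ciphers()]

def audit_source(text):
    """Return (line_no, literal, weak_names) for each hard-coded cipher list."""
    findings = []
    for m in CALL_RE.finditer(text):
        literal = m.group(1)
        line_no = text.count("\n", 0, m.start()) + 1
        # Tokens prefixed with ! or - are exclusions, so they are not findings.
        tokens = [t for t in re.split(r"[:, ]+", literal) if t and t[0] not in "!-"]
        weak = weak_suites(tokens)
        # Also check what the string expands to, which catches broad aliases.
        weak += [n for n in weak_suites(expand(literal) or []) if n not in weak]
        findings.append((line_no, literal, weak))
    return findings

if __name__ == "__main__":
    for line_no, literal, weak in audit_source(SAMPLE):
        print("line %d: %r -> %s" % (line_no, literal, weak or "no weak suites found"))
```

The expansion step depends on the OpenSSL build Python is linked against, so results for alias strings such as "HIGH" can differ between systems.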

Activities

Christian Grothoff

2014-05-02 20:43

manager   ~0008276

Switched to "HIGH" in SVN 33158. Thanks for reporting.

Christian Grothoff

2021-09-02 17:54

manager   ~0018206

Fix committed to master branch.

Related Changesets

libmicrohttpd: master 7231b7f8

2014-05-02 22:43

Christian Grothoff


fix 0003391
Affected Issues: 0003391
mod - ChangeLog
mod - configure.ac
mod - src/include/microhttpd.h
mod - src/microspdy/io_openssl.c

Issue History

Date Modified Username Field Change
2014-04-28 17:20 msmeissn New Issue
2014-05-02 20:43 Christian Grothoff Note Added: 0008276
2014-05-02 20:43 Christian Grothoff Status new => resolved
2014-05-02 20:43 Christian Grothoff Fixed in Version => 0.9.35
2014-05-02 20:43 Christian Grothoff Resolution open => fixed
2014-05-02 20:43 Christian Grothoff Assigned To => Christian Grothoff
2014-05-02 20:43 Christian Grothoff Product Version => Git master
2014-05-02 20:43 Christian Grothoff Target Version => 0.9.35
2014-05-02 20:44 Christian Grothoff Reproducibility have not tried => always
2014-05-02 20:52 Christian Grothoff Status resolved => closed
2016-04-09 16:54 Christian Grothoff Category SPDY TLS => (No Category)
2021-09-02 17:54 Christian Grothoff Changeset attached => libmicrohttpd master 7231b7f8
2021-09-02 17:54 Christian Grothoff Note Added: 0018206