Apply patch from @nervuri:matrix.org to stop supporting out of spec versions of TLS
authorNeil McKillop <neil@mckillop.org>
Sun, 10 Jan 2021 17:30:08 +0000 (17:30 +0000)
committerNeil McKillop <neil@mckillop.org>
Sun, 10 Jan 2021 17:30:08 +0000 (17:30 +0000)
server.php

index dda1c70..d1be889 100644 (file)
@@ -20,11 +20,16 @@ $socket = stream_socket_server("tcp://{$g->ip}:{$g->port}", $errno, $errstr, STR
 
 stream_socket_enable_crypto($socket, false);
 
+// apply patch from @nervuri:matrix.org to stop supporting out of spec versions of TLS
+$cryptoMethod = STREAM_CRYPTO_METHOD_TLS_SERVER
+       & ~ STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
+       & ~ STREAM_CRYPTO_METHOD_TLSv1_1_SERVER;
+
 while(true) {
        $forkedSocket = stream_socket_accept($socket, "-1", $remoteIP);
 
        stream_set_blocking($forkedSocket, true);
-       stream_socket_enable_crypto($forkedSocket, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
+       stream_socket_enable_crypto($forkedSocket, true, $cryptoMethod);
        $line = fread($forkedSocket, 1024);
        stream_set_blocking($forkedSocket, false);
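Review bot: The result of `stream_socket_enable_crypto($forkedSocket, true, $cryptoMethod)` is discarded, so a failed handshake falls straight through to the `fread()` on the next line. Now that TLS 1.0 and 1.1 are refused, older clients will hit that path, and the loop would then presumably read from a socket on which encryption was never established. I would guard it with `if (stream_socket_enable_crypto($forkedSocket, true, $cryptoMethod) !== true) { fclose($forkedSocket); continue; }`, assuming nothing later in the loop has to run for a rejected connection; the `while` body continues past the end of the hunk. Separately, the subtractive mask depends on which versions `STREAM_CRYPTO_METHOD_TLS_SERVER` covers in the running PHP release (its meaning has changed between releases, so this is worth confirming). Naming the allowed versions explicitly, starting from `STREAM_CRYPTO_METHOD_TLSv1_2_SERVER`, would be easier to audit than masking bits out.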