From ec115d017e6a9652dac1d443d7adf70bdc0ca0a5 Mon Sep 17 00:00:00 2001 From: Neil McKillop Date: Sun, 10 Jan 2021 17:30:08 +0000 Subject: [PATCH] Apply patch from @nervuri:matrix.org to stop supporting out of spec versions of TLS --- server.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/server.php b/server.php index dda1c70..d1be889 100644 --- a/server.php +++ b/server.php @@ -20,11 +20,16 @@ $socket = stream_socket_server("tcp://{$g->ip}:{$g->port}", $errno, $errstr, STR stream_socket_enable_crypto($socket, false); +// apply patch from @nervuri:matrix.org to stop supporting out of spec versions of TLS +$cryptoMethod = STREAM_CRYPTO_METHOD_TLS_SERVER + & ~ STREAM_CRYPTO_METHOD_TLSv1_0_SERVER + & ~ STREAM_CRYPTO_METHOD_TLSv1_1_SERVER; + while(true) { $forkedSocket = stream_socket_accept($socket, "-1", $remoteIP); stream_set_blocking($forkedSocket, true); - stream_socket_enable_crypto($forkedSocket, true, STREAM_CRYPTO_METHOD_TLS_SERVER); + stream_socket_enable_crypto($forkedSocket, true, $cryptoMethod); $line = fread($forkedSocket, 1024); stream_set_blocking($forkedSocket, false);