new options for xrdp.ini disableSSlv3=yes and tls_ciphers=HIGH and code to implement

1 files changed, 3 insertions, 2 deletions

diff --git a/common/trans.c b/common/trans.c
index 9e877d5c..432b6334 100644
--- a/common/trans.c
+++ b/common/trans.c
@@ -881,7 +881,8 @@ trans_get_out_s(struct trans *self, int size)
 /*****************************************************************************/
 /* returns error */
 int APP_CC
-trans_set_tls_mode(struct trans *self, const char *key, const char *cert)
+trans_set_tls_mode(struct trans *self, const char *key, const char *cert,
+                   int disableSSLv3, const char *tls_ciphers)
 {
     self->tls = ssl_tls_create(self, key, cert);
     if (self->tls == NULL)
@@ -890,7 +891,7 @@ trans_set_tls_mode(struct trans *self, const char *key, const char *cert)
         return 1;
     }
 
-    if (ssl_tls_accept(self->tls) != 0)
+    if (ssl_tls_accept(self->tls, disableSSLv3, tls_ciphers) != 0)
     {
         g_writeln("trans_set_tls_mode: ssl_tls_accept failed");
         return 1;