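/// Builds the TLS context used by http_server_base.
///
/// The context is configured from three files with fixed, relative names
/// ("work.crt", "work.key", "dh512.pem"), so they are looked up relative to
/// the process's current working directory. See create_server_pem.bat in the
/// create_pem folder for how they are generated.
///
/// @param ec  Receives the error of the first configuration step that fails.
/// @return    The configured context, or nullptr when a step failed (ec set).
///
/// Failures while constructing the context itself are not reported through
/// ec: boost::make_shared signals allocation failure by throwing, so the
/// returned pointer is never null at that point.
boost::shared_ptr<boost::asio::ssl::context> http_server_base::new_context(boost::system::error_code & ec)
{
    namespace ssl = boost::asio::ssl;

    // sslv23 means "negotiate the best version both peers support"; the
    // option mask below is what sets the floor.
    auto ptr = boost::make_shared<ssl::context>(ssl::context::sslv23);

    // The original mask only excluded SSLv2, which left SSLv3, TLS 1.0 and
    // TLS 1.1 negotiable. Those versions are excluded here as well, so the
    // lowest version this context accepts is TLS 1.2.
    ptr->set_options(
        ssl::context::default_workarounds
        | ssl::context::no_sslv2
        | ssl::context::no_sslv3
        | ssl::context::no_tlsv1
        | ssl::context::no_tlsv1_1
        | ssl::context::single_dh_use,
        ec);
    if (ec)
        return nullptr;

    // The callback supplies the passphrase for an encrypted private key.
    ptr->set_password_callback(&http_server_base::get_password, ec);
    if (ec)
        return nullptr;

    ptr->use_certificate_chain_file("work.crt", ec);
    if (ec)
        return nullptr;

    ptr->use_private_key_file("work.key", ssl::context::pem, ec);
    if (ec)
        return nullptr;

    // NOTE(review): the file name suggests 512-bit DH parameters. A group of
    // that size is far below current minimums and modern TLS stacks may
    // refuse it. The name is kept because the file is a deployment artefact;
    // regenerate the parameters at 2048 bits or more and confirm the file's
    // actual size.
    ptr->use_tmp_dh_file("dh512.pem", ec);
    if (ec)
        return nullptr;

    return ptr;
}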
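/// Creates the TLS context for WSService.
///
/// The context is pinned to TLS 1.2, requires a peer certificate, loads the
/// local certificate and private key (both PEM) from the paths held by
/// Config, and restricts the cipher list to four ECDSA/AES suites.
///
/// @return The configured context.
/// @throws boost::system::system_error if an option, the certificate or the
///         key cannot be applied (the throwing overloads are used), or if
///         OpenSSL rejects the cipher list.
std::shared_ptr<ssl_context> WSService::make_ssl_ctx()
{
    auto ctx = std::make_shared<ssl_context>(ssl_context::tlsv12);

    // Protocol floor: the method is already TLS 1.2; the no_* flags make the
    // exclusion of older versions explicit.
    ctx->set_options(
        ssl_context::default_workarounds
        | ssl_context::single_dh_use
        | ssl_context::no_sslv2
        | ssl_context::no_sslv3
        | ssl_context::no_tlsv1
        | ssl_context::no_tlsv1_1
    );

    // NOTE(review): the peer must present a certificate and it must verify,
    // but no trust anchors are configured in this function (no
    // load_verify_file / add_verify_path / set_default_verify_paths call).
    // Unless they are added to the context elsewhere, verification has
    // nothing to chain to - confirm against the caller.
    ctx->set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);

    // Config is queried once per call, exactly as before, so no reference
    // into the Config object is held across statements.
    ctx->use_certificate_file(
        Config::get()->paths().cert_path.string(std::codecvt_utf8_utf16<wchar_t>()),
        ssl_context::pem);
    ctx->use_private_key_file(
        Config::get()->paths().key_path.string(std::codecvt_utf8_utf16<wchar_t>()),
        ssl_context::pem);

    // NOTE(review): the "ECDH-ECDSA-*" names select static ECDH key exchange,
    // which gives no forward secrecy; the ephemeral equivalents are named
    // "ECDHE-ECDSA-*". Newer OpenSSL builds may not provide the static suites
    // at all. The string is left unchanged because peers may depend on it.
    static const char* const kCipherList =
        "ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256";

    // SSL_CTX_set_cipher_list returns 1 only if at least one suite was
    // selected. The result used to be ignored, so a rejected list silently
    // left the library's default ciphers active. Fail closed instead.
    if (SSL_CTX_set_cipher_list(ctx->native_handle(), kCipherList) != 1) {
        throw boost::system::system_error(
            boost::system::error_code(
                static_cast<int>(::ERR_get_error()),
                boost::asio::error::get_ssl_category()),
            "SSL_CTX_set_cipher_list");
    }

    return ctx;
}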
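/// Builds a TLS context from caller-supplied settings.
///
/// @param password_handler       Callback that supplies the passphrase for an
///                               encrypted private key.
/// @param ec                     Receives the error of the first step that fails.
/// @param method                 Protocol method the context is created with.
/// @param certificate_chain_file Certificate chain file.
/// @param private_key_file       PEM private key file.
/// @param dh_file                DH parameter file; empty means "load none".
/// @return The configured context, or nullptr when a step failed (ec set).
///
/// See create_server_pem.bat in the create_pem folder for how the default
/// files are generated. Relative names are looked up relative to the
/// process's current working directory.
static boost::shared_ptr<boost::asio::ssl::context> make_context(Func& password_handler,
    boost::system::error_code& ec,
    boost::asio::ssl::context::method method = boost::asio::ssl::context::sslv23,
    std::string certificate_chain_file = "work.crt",
    std::string private_key_file = "work.key",
    std::string dh_file = std::string() /* = "dh512.pem" */
    )
{
    namespace ssl = boost::asio::ssl;

    // Fix: the context used to be created with a hard-coded sslv23, so the
    // `method` argument had no effect. boost::make_shared throws on
    // allocation failure, so no null check is needed afterwards.
    auto ptr = boost::make_shared<ssl::context>(method);

    // SSLv3 is excluded in addition to SSLv2.
    // NOTE(review): with the default sslv23 method, TLS 1.0 and TLS 1.1 are
    // still negotiable. They are not masked here because a caller may select
    // one of them through `method`; callers that need a TLS 1.2 floor should
    // pass a stricter method.
    ptr->set_options(
        ssl::context::default_workarounds
        | ssl::context::no_sslv2
        | ssl::context::no_sslv3
        | ssl::context::single_dh_use,
        ec);
    if (ec)
        return nullptr;

    ptr->set_password_callback(password_handler, ec);
    if (ec)
        return nullptr;

    ptr->use_certificate_chain_file(certificate_chain_file, ec);
    if (ec)
        return nullptr;

    ptr->use_private_key_file(private_key_file, ssl::context::pem, ec);
    if (ec)
        return nullptr;

    // Fix: dh_file defaults to an empty string, and loading an empty path
    // fails, so a call relying on the defaults always returned nullptr.
    // DH parameters are now optional.
    // NOTE(review): the commented-out default "dh512.pem" suggests 512-bit
    // parameters; callers that pass a DH file should use 2048 bits or more.
    if (!dh_file.empty()) {
        ptr->use_tmp_dh_file(dh_file, ec);
        if (ec)
            return nullptr;
    }

    return ptr;
}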