Protect GUI HTTPS from some attacks

- Disable SSLv3 against POODLE
 - Disable RC4 as a weak cipher
 - Set the CommonName to the system host name
Jakob Borg
2014-12-09 10:42:56 +01:00
parent d2c0b8374a
commit fdd458d2fe
3 changed files with 31 additions and 10 deletions


@@ -273,7 +273,7 @@ func main() {
l.Warnln("Key exists; will not overwrite.")
l.Infoln("Device ID:", protocol.NewDeviceID(cert.Certificate[0]))
} else {
newCertificate(dir, "")
newCertificate(dir, "", tlsDefaultCommonName)
cert, err = loadCert(dir, "")
myID = protocol.NewDeviceID(cert.Certificate[0])
if err != nil {
@@ -370,7 +370,7 @@ func syncthingMain() {
// Ensure that that we have a certificate and key.
cert, err = loadCert(confDir, "")
if err != nil {
newCertificate(confDir, "")
newCertificate(confDir, "", tlsDefaultCommonName)
cert, err = loadCert(confDir, "")
if err != nil {
l.Fatalln("load cert:", err)
@@ -909,7 +909,7 @@ next:
// the certificate and used another name.
certName := deviceCfg.CertName
if certName == "" {
certName = "syncthing"
certName = tlsDefaultCommonName
}
err := remoteCert.VerifyHostname(certName)
if err != nil {
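Review bot: In the first hunk (`main`, right after the `newCertificate(dir, "", tlsDefaultCommonName)` call), `myID = protocol.NewDeviceID(cert.Certificate[0])` runs before the `if err != nil` check on the preceding `loadCert`, so a failed load would presumably index an empty certificate chain and panic instead of reporting the error. Move the `myID` assignment below the error check so the failure is reported cleanly. Neither `newCertificate` call site (first and second hunk) inspects a result; if the function can fail, the failure only surfaces indirectly through the following `loadCert`, and a short comment saying so would help. The bodies of `main` and `syncthingMain` start and end outside the hunks shown.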