infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More comment docs on SSLCompression

bug/bundler_fix
Tod Beardsley 2014-01-21 16:48:26 -06:00
parent b8219e3e91
commit 0b6e03df75
No known key found for this signature in database
GPG Key ID: 1EFFB682ADB9F193
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/msf/core/exploit/http/server.rb
View File

@ -198,6 +198,9 @@ module Exploit::Remote::HttpServer
proto = (datastore["SSL"] ? "https" : "http")
# SSLCompression may or may not actually be available. For example, on
# Ubuntu, it's disabled by default, unless the correct environment
# variable is set. See https://github.com/rapid7/metasploit-framework/pull/2666
if proto == "https" and datastore['SSLCompression']
print_status("Intentionally using insecure SSL compression. Your operating system might not respect this!")
end

2
lib/rex/socket/parameters.rb
View File

@ -61,7 +61,7 @@ class Rex::Socket::Parameters
# @option hash [String] 'SSLCert' A file containing an SSL certificate (for
# server sockets)
# @option hash [String] 'SSLCipher' see {#ssl_cipher}
# @option hash [Bool] 'SSLCompression' enable SSL-level compression
# @option hash [Bool] 'SSLCompression' enable SSL-level compression where available
# @option hash [String] 'SSLVerifyMode' SSL certificate verification
# mechanism. One of 'NONE' (default), 'CLIENT_ONCE', 'FAIL_IF_NO_PEER_CERT ', 'PEER'
# @option hash [String] 'Proxies' List of proxies to use.