diff --git a/lib/metasploit/framework/mssql/tdssslproxy.rb b/lib/metasploit/framework/mssql/tdssslproxy.rb index e48499d346..1e020c31bb 100644 --- a/lib/metasploit/framework/mssql/tdssslproxy.rb +++ b/lib/metasploit/framework/mssql/tdssslproxy.rb @@ -51,8 +51,9 @@ class TDSSSLProxy def setup_ssl @running = true @t1 = Thread.start { ssl_setup_thread } - ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1) - @ssl_socket = OpenSSL::SSL::SSLSocket.new(@s1, ssl_context) + ctx = OpenSSL::SSL::SSLContext.new(:SSLv23) + ctx.ciphers = "ALL:!ADH:!EXPORT:!SSLv2:!SSLv3:+HIGH:+MEDIUM" + @ssl_socket = OpenSSL::SSL::SSLSocket.new(@s1, ctx) @ssl_socket.connect end diff --git a/lib/msf/core/exploit/smtp_deliver.rb b/lib/msf/core/exploit/smtp_deliver.rb index ba24485608..b3f37e2c08 100644 --- a/lib/msf/core/exploit/smtp_deliver.rb +++ b/lib/msf/core/exploit/smtp_deliver.rb @@ -228,12 +228,9 @@ protected end def generate_ssl_context - ctx = OpenSSL::SSL::SSLContext.new - ctx.key = OpenSSL::PKey::RSA.new(1024){ } - - ctx.session_id_context = Rex::Text.rand_text(16) - - return ctx + ctx = OpenSSL::SSL::SSLContext.new(:SSLv23) + ctx.ciphers = "ALL:!ADH:!EXPORT:!SSLv2:!SSLv3:+HIGH:+MEDIUM" + ctx end end diff --git a/modules/exploits/linux/misc/nagios_nrpe_arguments.rb b/modules/exploits/linux/misc/nagios_nrpe_arguments.rb index 3ac5320c90..f8c7290538 100644 --- a/modules/exploits/linux/misc/nagios_nrpe_arguments.rb +++ b/modules/exploits/linux/misc/nagios_nrpe_arguments.rb @@ -154,7 +154,7 @@ class MetasploitModule < Msf::Exploit::Remote end - # NRPE uses unauthenticated Annonymous-Diffie-Hellman + # NRPE uses unauthenticated Anonymous-Diffie-Hellman # setting the global SSL => true will break as we would be overlaying # an SSLSocket on another SSLSocket which hasnt completed its handshake @@ -163,7 +163,7 @@ class MetasploitModule < Msf::Exploit::Remote self.sock = super(global, opts) if datastore['NRPESSL'] or @force_ssl - ctx = OpenSSL::SSL::SSLContext.new("TLSv1") + ctx = OpenSSL::SSL::SSLContext.new(:TLSv1) ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE ctx.ciphers = "ADH"