# HG changeset patch # User David Demelier # Date 1430468108 -7200 # Node ID 69532542f7fc1ae011a90ec381f5a54b7e2b45c4 # Parent d6e95a577fe9eaacb7dcaf0e5862b97152ced951 Socket: use TLS by default diff -r d6e95a577fe9 -r 69532542f7fc C++/modules/Socket/SocketSsl.cpp --- a/C++/modules/Socket/SocketSsl.cpp Thu Apr 30 11:42:18 2015 +0200 +++ b/C++/modules/Socket/SocketSsl.cpp Fri May 01 10:15:08 2015 +0200 @@ -22,16 +22,14 @@ namespace { -auto sslMethod(int mflags) +inline auto sslMethod(int type) noexcept { - if (mflags & SocketSslOptions::All) - return SSLv23_method(); - if (mflags & SocketSslOptions::SSLv3) + if (type == SocketSslOptions::SSLv3) return SSLv3_method(); - if (mflags & SocketSslOptions::TLSv1) + if (type == SocketSslOptions::TLSv1) return TLSv1_method(); - return SSLv23_method(); + throw std::invalid_argument("unknown method selected"); } inline std::string sslError(int error) diff -r d6e95a577fe9 -r 69532542f7fc C++/modules/Socket/SocketSsl.h --- a/C++/modules/Socket/SocketSsl.h Thu Apr 30 11:42:18 2015 +0200 +++ b/C++/modules/Socket/SocketSsl.h Fri May 01 10:15:08 2015 +0200 @@ -38,14 +38,15 @@ public: /** * @brief Method + * + * It is highly recommended to only use TLSv1. */ enum { - SSLv3 = (1 << 0), - TLSv1 = (1 << 1), - All = (0xf) + SSLv3, + TLSv1 }; - int method{All}; //!< The method + int method{TLSv1}; //!< The method std::string certificate; //!< The certificate path std::string privateKey; //!< The private key file bool verify{false}; //!< Verify or not @@ -63,7 +64,7 @@ * @param key the key file * @param verify set to true to verify */ - SocketSslOptions(int method, std::string certificate, std::string key, bool verify = false) + SocketSslOptions(std::string certificate, std::string key, int method = TLSv1, bool verify = false) : method(method) , certificate(std::move(certificate)) , privateKey(std::move(key))