mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00

Fixed Intel AMT TLS.

Ylian Saint-Hilaire 2020-03-30 19:29:46 -07:00
parent 95e8b87509
commit 8f2046984d
8 changed files with 23 additions and 15 deletions


@ -2615,7 +2615,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// TLSSocket to encapsulate TLS communication, which then tunneled via SerialTunnel an then wrapped through CIRA APF
const TLSSocket = require('tls').TLSSocket;
const tlsoptions = { secureProtocol: ((req.query.tls1only == 1) ? 'TLSv1_method' : 'SSLv23_method'), ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
const tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
const tlsock = new TLSSocket(ser, tlsoptions);
tlsock.on('error', function (err) { parent.debug('webrelay', "CIRA TLS Connection Error ", err); });
tlsock.on('secureConnect', function () { parent.debug('webrelay', "CIRA Secure TLS Connection"); ws._socket.resume(); });
@ -2796,7 +2797,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
ws._socket.resume();
} else {
// If TLS is going to be used, setup a TLS socket
var tlsoptions = { secureProtocol: ((req.query.tls1only == 1) ? 'TLSv1_method' : 'SSLv23_method'), ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
if (req.query.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
ws.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () {
// The TLS connection method is the same as TCP, but located a bit differently.
parent.debug('webrelay', 'TLS connected to ' + node.host + ':' + port + '.');
@ -2827,13 +2829,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// If the TCP connection closes, disconnect the associated web socket.
ws.forwardclient.on('close', function () {
parent.debug('webrelay', 'TCP relay disconnected from ' + node.host + '.');
parent.debug('webrelay', 'TCP relay disconnected from ' + node.host + ':' + port + '.');
try { ws.close(); } catch (e) { }
});
// If the TCP connection causes an error, disconnect the associated web socket.
ws.forwardclient.on('error', function (err) {
parent.debug('webrelay', 'TCP relay error from ' + node.host + ': ' + err.errno);
parent.debug('webrelay', 'TCP relay error from ' + node.host + ':' + port + ': ' + err);
try { ws.close(); } catch (e) { }
});
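Review bot: Both rewritten `tlsoptions` literals (the CIRA `TLSSocket` path in the first hunk and the `obj.tls.connect` path in the second) still set `rejectUnauthorized: false`, so the relay does not reject the connection when the peer's certificate fails verification, and `req.query.tls1only` lets the requester pin that hop to `TLSv1_method`. If self-signed Intel AMT certificates are the reason, say so next to the option, for example `// AMT certs are typically self-signed; this hop does not reject unverified peers`, and consider checking the presented certificate against a fingerprint recorded for the node, if the project stores one (not visible here). The TLS 1.0 fallback would be safer gated by a server-side setting than by a query parameter, and the strict comparison `req.query.tls1only === '1'` would make the accepted value explicit. The enclosing `CreateWebServer` function starts and ends outside these hunks.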