return COMMAND_LINE_ERROR_MEMORY;
}
}
+ CommandLineSwitchCase(arg, "tls-seclevel")
+ {
+ unsigned long val = strtoul(arg->Value, NULL, 0);
+
+ if ((errno != 0) || (val > 5))
+ return COMMAND_LINE_ERROR_UNEXPECTED_VALUE;
+
+ settings->TlsSecLevel = val;
+ }
CommandLineSwitchCase(arg, "cert-name")
{
if (!copy_value(arg->Value, &settings->CertificateName))
{ "t", COMMAND_LINE_VALUE_REQUIRED, "<title>", NULL, NULL, -1, "title", "Window title" },
{ "themes", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, "themes" },
{ "tls-ciphers", COMMAND_LINE_VALUE_REQUIRED, "netmon|ma|ciphers", NULL, NULL, -1, NULL, "Allowed TLS ciphers" },
+ { "tls-seclevel", COMMAND_LINE_VALUE_REQUIRED, "<level>", "1", NULL, -1, NULL, "TLS security level - defaults to 1" },
{ "toggle-fullscreen", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, "Alt+Ctrl+Enter toggles fullscreen" },
{ "u", COMMAND_LINE_VALUE_REQUIRED, "[<domain>\\]<user> or <user>[@<domain>]", NULL, NULL, -1, NULL, "Username" },
{ "unmap-buttons", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueFalse, NULL, -1, NULL, "Let server see real physical pointer button"},
#define FreeRDP_VmConnectMode (1102)
#define FreeRDP_NtlmSamFile (1103)
#define FreeRDP_FIPSMode (1104)
+#define FreeRDP_TlsSecLevel (1105)
#define FreeRDP_MstscCookieMode (1152)
#define FreeRDP_CookieMaxLength (1153)
#define FreeRDP_PreconnectionId (1154)
#define FreeRDP_OrderSupport (2432)
#define FreeRDP_BitmapCacheV3Enabled (2433)
#define FreeRDP_AltSecFrameMarkerSupport (2434)
+#define FreeRDP_AllowUnanouncedOrdersFromServer (2435)
#define FreeRDP_BitmapCacheEnabled (2497)
#define FreeRDP_BitmapCacheVersion (2498)
#define FreeRDP_AllowCacheWaitingList (2499)
ALIGN64 BOOL VmConnectMode; /* 1102 */
ALIGN64 char* NtlmSamFile; /* 1103 */
ALIGN64 BOOL FIPSMode; /* 1104 */
- UINT64 padding1152[1152 - 1105]; /* 1105 */
+ ALIGN64 UINT32 TlsSecLevel; /* 1105 */
+ UINT64 padding1152[1152 - 1106]; /* 1106 */
/* Connection Cookie */
ALIGN64 BOOL MstscCookieMode; /* 1152 */
case FreeRDP_SmartSizingHeight:
return settings->SmartSizingHeight;
+ case FreeRDP_TlsSecLevel:
+ return settings->TlsSecLevel;
+
default:
WLog_ERR(TAG, "freerdp_get_param_uint32: unknown id: %d", id);
return 0;
settings->DynamicChannelArraySize = param;
break;
+ case FreeRDP_TlsSecLevel:
+ settings->TlsSecLevel = param;
+
default:
WLog_ERR(TAG, "freerdp_set_param_uint32: unknown id %d (param = %"PRIu32")", id, param);
return -1;
settings->ActionScript = _strdup("~/.config/freerdp/action.sh");
settings->SmartcardLogon = FALSE;
+ settings->TlsSecLevel = 1;
return settings;
out_fail:
free(settings->HomePath);
SSL_CTX_set_options(tls->ctx, options);
SSL_CTX_set_read_ahead(tls->ctx, 1);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CTX_set_security_level(tls->ctx, settings->TlsSecLevel);
+#endif
+
if (settings->AllowedTlsCiphers)
{
if (!SSL_CTX_set_cipher_list(tls->ctx, settings->AllowedTlsCiphers))