Prefer TLSv1 over SSLv3

2014-10-18 11:47:52 +00:00
parent ee2ebc26b3
commit 22a4fdb047
2 changed files with 5 additions and 2 deletions
--- a/extensions/metasploit/config.yaml
+++ b/extensions/metasploit/config.yaml
@@ -7,7 +7,7 @@
 # Then set msf_callback_host to be the public IP of your MSF server
 #
 # Ensure you load the xmlrpc interface in Metasploit
-# msf > load msgrpc ServerHost=10.211.55.2 Pass=abc123
+# msf > load msgrpc ServerHost=IP Pass=abc123
 # Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
 # Also always use the IP of your machine where MSF is listening.
 beef:
@@ -23,7 +23,7 @@ beef:
            # if you need "ssl: true" make sure you start msfrpcd with "SSL=y", like:
            # load msgrpc ServerHost=IP Pass=abc123 SSL=y
            ssl: false
-            ssl_version: 'SSLv3'
+            ssl_version: 'TLSv1'
            ssl_verify: true
            callback_host: "127.0.0.1"
            autopwn_url: "autopwn"
--- a/extensions/metasploit/rpcclient.rb
+++ b/extensions/metasploit/rpcclient.rb
@@ -33,6 +33,9 @@ module Metasploit
 				 :ssl_version => @config['ssl_version'] ,
 				 :context => {}
 			}
+			if opts[:ssl_version] =~ /SSLv3/i
+				print_warning("Warning: Connections to Metasploit RPC over SSLv3 are insecure. Use TLSv1 instead.")
+			end
 			#auto start msfrpcd
 			if (@config['auto_msfrpcd'] || false)
 				launch_msf = ''