From 22a4fdb0473d802080c3da1d820aefd73a73f872 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sat, 18 Oct 2014 11:47:52 +0000
Subject: [PATCH] Prefer TLSv1 over SSLv3
---
 extensions/metasploit/config.yaml | 4 ++--
 extensions/metasploit/rpcclient.rb | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/extensions/metasploit/config.yaml b/extensions/metasploit/config.yaml
index 74e895e85..d90d78541 100644
--- a/extensions/metasploit/config.yaml
+++ b/extensions/metasploit/config.yaml
@@ -7,7 +7,7 @@
 # Then set msf_callback_host to be the public IP of your MSF server
 #
 # Ensure you load the xmlrpc interface in Metasploit
-# msf > load msgrpc ServerHost=10.211.55.2 Pass=abc123
+# msf > load msgrpc ServerHost=IP Pass=abc123
 # Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
 # Also always use the IP of your machine where MSF is listening.
 beef:
@@ -23,7 +23,7 @@ beef:
 # if you need "ssl: true" make sure you start msfrpcd with "SSL=y", like:
 # load msgrpc ServerHost=IP Pass=abc123 SSL=y
 ssl: false
- ssl_version: 'SSLv3'
+ ssl_version: 'TLSv1'
 ssl_verify: true
 callback_host: "127.0.0.1"
 autopwn_url: "autopwn"
diff --git a/extensions/metasploit/rpcclient.rb b/extensions/metasploit/rpcclient.rb
index f305f8ff4..a868c79ce 100644
--- a/extensions/metasploit/rpcclient.rb
+++ b/extensions/metasploit/rpcclient.rb
@@ -33,6 +33,9 @@ module Metasploit
 :ssl_version => @config['ssl_version'] ,
 :context => {}
 }
+ if opts[:ssl_version] =~ /SSLv3/i
+ print_warning("Warning: Connections to Metasploit RPC over SSLv3 are insecure. Use TLSv1 instead.")
+ end
 #auto start msfrpcd
 if (@config['auto_msfrpcd'] || false)
 launch_msf = ''
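Review bot: The new default `ssl_version: 'TLSv1'` still names a single protocol version, so if rpcclient.rb passes this value straight to the OpenSSL context (its hunk only shows the value being copied into `opts`), the client would be held at TLS 1.0 and could not negotiate 1.1 or 1.2 even when msfrpcd offers them. Where both ends support it, `ssl_version: 'TLSv1_2'` is the stronger default, and a comment above the key listing the accepted values would help. The context line `ssl: false` also remains the shipped default, so out of the box the RPC password travels unencrypted and `ssl_version` has no effect; a one-line comment such as `# ssl_version is ignored unless ssl is true` would make that visible to operators.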
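Review bot: The added guard `if opts[:ssl_version] =~ /SSLv3/i` recognises only that one string, so a config that sets another legacy value such as `SSLv2` or `SSLv23` produces no warning, and the message is printed even when SSL is switched off, which is the default in config.yaml. Testing against the accepted values covers both cases, for example `if @config['ssl'] && @config['ssl_version'].to_s !~ /\ATLSv1(_[12])?\z/i`, assuming `@config['ssl']` is read the same way as `@config['ssl_version']`. The code also only warns and then carries on connecting; refusing the weak setting, or at least recording the decision in a comment, would make that intent explicit. The enclosing method starts and ends outside this hunk, so how `opts` is consumed is not visible here.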