Given I have recently had the same issue with PCI compliance, I shall lay out the steps I took to modify the source to pass PCI. I provide this information without warranty, and if anyone decides to follow what I've done, be it on their own head, as most of it I gathered together from the boost asio information and various Stack Overflow posts.
The 2 files that need to be modified are TCPServer.cpp & TCPConnection.cpp.
The choice of ciphers in sCipherList is up to you (I'm not even sure I need all of them in the sCipherList string); the following will only allow the following ciphers when I do an SSLScan:
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits AES128-SHA
The code to be added is
std::string sCipherList = "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA";
*NB In TCPConnection.cpp "_context" will be "ctx" as they are named slightly differently.
~ln 112: After _context.set_options();
Method: TCPConnection::PrepareSSLContext(boost::asio::ssl::context &ctx)
~ln 1113: Before return true;
I hope you find this information useful.
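A way to check the result of this change after rebuilding, as an added example that is not part of the original post or the project's code: it compares the post's sCipherList against "Accepted" lines from a scan and reports anything accepted that is not in the list. The names `Audit`, `SplitCipherList`, `AuditScan`, `kCipherList` and `kScan` are hypothetical, and the line format is assumed to be the one shown in the post.

```cpp
#include <iostream>
#include <set>
#include <sstream>
#include <string>

struct Audit {
    std::set<std::string> unexpected;  // accepted by the server but not in the list
    std::set<std::string> unobserved;  // in the list but not accepted in this scan
    std::set<std::string> protocols;   // protocol labels with at least one accepted cipher
};

// Split an OpenSSL cipher string of plain cipher names (':', ',' or ' ' separated).
std::set<std::string> SplitCipherList(std::string list) {
    for (char& c : list) if (c == ':' || c == ',') c = ' ';
    std::istringstream in(list);
    std::set<std::string> names;
    for (std::string n; in >> n;) names.insert(n);
    return names;
}

// Parse "Accepted <protocol> <bits> bits <cipher>" lines; other lines are ignored.
Audit AuditScan(const std::string& cipherList, const std::string& scanOutput) {
    Audit a;
    a.unobserved = SplitCipherList(cipherList);
    const std::set<std::string> configured = a.unobserved;
    std::istringstream in(scanOutput);
    for (std::string line; std::getline(in, line);) {
        std::istringstream fields(line);
        std::string status, proto, bits, unit, cipher;
        if (!(fields >> status >> proto >> bits >> unit >> cipher) ||
            status != "Accepted" || unit != "bits") continue;
        a.protocols.insert(proto);
        a.unobserved.erase(cipher);
        if (!configured.count(cipher)) a.unexpected.insert(cipher);
    }
    return a;
}

// Cipher string and scan lines copied from the post above.
const std::string kCipherList = "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA";
const std::string kScan = "Accepted SSLv3 256 bits AES256-SHA\nAccepted SSLv3 128 bits AES128-SHA\n"
                          "Accepted TLSv1 256 bits AES256-SHA\nAccepted TLSv1 128 bits AES128-SHA\n";

int main() {
    const Audit a = AuditScan(kCipherList, kScan);
    for (const auto& c : a.unexpected) std::cout << "accepted but NOT in list: " << c << "\n";
    for (const auto& c : a.unobserved) std::cout << "in list, not seen in scan: " << c << "\n";
    for (const auto& p : a.protocols) std::cout << "protocol accepted: " << p << "\n";
    return a.unexpected.empty() ? 0 : 1;  // non-zero means the restriction did not take effect
}
```

An entry reported as "not seen in scan" is not proof that it can be dropped from the list: the server's OpenSSL build, its certificate type, or the scanner may simply not support that cipher.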