$reqstate->{hdl}->timeout_reset();
$reqstate->{hdl}->timeout($self->{timeout});
+ $nocomp = 1 if !$self->{compression};
$nocomp = 1 if !$reqstate->{accept_gzip};
my $code = $resp->code;
$headers->{'cookie'} = PVE::APIServer::Formatter::create_auth_cookie($ticket, $self->{cookie_name}) if $ticket;
$headers->{'CSRFPreventionToken'} = $token if $token;
- $headers->{'Accept-Encoding'} = 'gzip' if $reqstate->{accept_gzip};
+ $headers->{'Accept-Encoding'} = 'gzip' if ($reqstate->{accept_gzip} && $self->{compression});
my $content;
# todo: use stop_read/start_read if write buffer grows to much
- my $res = "$proto 200 OK\015\012"; # hope this is the right answer?
+ # a response must be followed by an empty line
+ my $res = "$proto 200 OK\015\012\015\012";
$reqstate->{hdl}->push_write($res);
# log early
my ($hdl, $line) = @_;
if ($line =~ m!^$proto 200 OK$!) {
- &$startproxy();
+ # read the empty line after the 200 OK
+ $reqstate->{proxyhdl}->unshift_read(line => sub{
+ &$startproxy();
+ });
} else {
$reqstate->{hdl}->push_write($line);
$self->client_do_disconnect($reqstate);
$self->{base_uri} //= "/api2";
$self->{dirs} //= {};
$self->{title} //= 'API Inspector';
+ $self->{compression} //= 1;
# formatter_config: we pass some configuration values to the Formatter
$self->{formatter_config} = {};
$self->{end_cond} = AnyEvent->condvar;
if ($self->{ssl}) {
+ my $ssl_defaults = {
+ # Note: older versions are considered insecure, for example
+ # search for "Poodle"-Attack
+ method => 'any',
+ sslv2 => 0,
+ sslv3 => 0,
+ cipher_list => 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256',
+ honor_cipher_order => 1,
+ };
+
+ foreach my $k (keys %$ssl_defaults) {
+ $self->{ssl}->{$k} //= $ssl_defaults->{$k};
+ }
+
+ if (!defined($self->{ssl}->{dh_file})) {
+ $self->{ssl}->{dh} = 'skip2048';
+ }
+
+ my $tls_ctx_flags = &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | &Net::SSLeay::OP_SINGLE_DH_USE;
+ if ( delete $self->{ssl}->{honor_cipher_order} ) {
+ $tls_ctx_flags |= &Net::SSLeay::OP_CIPHER_SERVER_PREFERENCE;
+ }
+
$self->{tls_ctx} = AnyEvent::TLS->new(%{$self->{ssl}});
- Net::SSLeay::CTX_set_options($self->{tls_ctx}->{ctx}, &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | &Net::SSLeay::OP_SINGLE_DH_USE);
+ Net::SSLeay::CTX_set_options($self->{tls_ctx}->{ctx}, $tls_ctx_flags);
}
if ($self->{spiceproxy}) {