aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2015-07-22 20:43:01 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2015-07-22 20:43:01 -0400
commitbfc2bbc091587f5b9ed0f0c8476c63ff6640bda6 (patch)
treebb5a238f54b24784bbba5c082415e9e1483ab6a0 /config/suricata
parentafba4e722681c35163ec48b7cacffa8b8cb88e5f (diff)
downloadpfsense-packages-bfc2bbc091587f5b9ed0f0c8476c63ff6640bda6.tar.gz
pfsense-packages-bfc2bbc091587f5b9ed0f0c8476c63ff6640bda6.tar.bz2
pfsense-packages-bfc2bbc091587f5b9ed0f0c8476c63ff6640bda6.zip
Use more secure CURL options for rules tarball downloads.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 9360d464..67334957 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -196,9 +196,11 @@ function suricata_download_file_url($url, $file_out) {
}
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)");
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36");
+ curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "TLSv1.2, TLSv1");
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
// Use the system proxy server setttings if configured