projects
/
project
/
ustream-ssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
39a6ce2
)
ustream-ssl: Remove RC4 from ciphersuite in server mode.
author
Rosen Penev
<rosenp@gmail.com>
Sun, 1 Apr 2018 01:37:29 +0000
(18:37 -0700)
committer
John Crispin
<john@phrozen.org>
Mon, 30 Apr 2018 13:05:29 +0000
(15:05 +0200)
SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ustream-openssl.c
patch
|
blob
|
history
diff --git
a/ustream-openssl.c
b/ustream-openssl.c
index 2faa8557fbb32384aceb3b8346b404eebf2cba56..eb03dab1ac1dd08f4db5901d56c852d6607ce4fc 100644
(file)
--- a/
ustream-openssl.c
+++ b/
ustream-openssl.c
@@
-52,6
+52,8
@@
__ustream_ssl_context_new(bool server)
#ifndef OPENSSL_NO_ECDH
SSL_CTX_set_ecdh_auto(c, 1);
#endif
+ if (server)
+ SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
SSL_CTX_set_quiet_shutdown(c, 1);
return (void *) c;