p/xK
1
1
Fork 0
Code Issues 1 Pull Requests Releases 11 Wiki Activity

degesch: add an "ssl_ciphers" option to servers

Browse Source
This commit is contained in:
Přemysl Eric Janouch 2015-07-12 17:15:33 +02:00
parent 88b2200051
commit 3c1bbbc513
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
degesch.c
View File

@ -1539,6 +1539,10 @@ static struct config_schema g_config_server[] =
{ .name = "ssl_ca_path", { .name = "ssl_ca_path",
.comment = "OpenSSL CA bundle path", .comment = "OpenSSL CA bundle path",
.type = CONFIG_ITEM_STRING }, .type = CONFIG_ITEM_STRING },
{ .name = "ssl_ciphers",
.comment = "OpenSSL cipher preference list",
.type = CONFIG_ITEM_STRING,
.default_ = "\"DEFAULT:!MEDIUM:!LOW\"" },
{ .name = "autoconnect", { .name = "autoconnect",
.comment = "Connect automatically on startup", .comment = "Connect automatically on startup",
@ -3884,7 +3888,10 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
SSL_CTX_get_ex_new_index (0, "server", NULL, NULL, NULL); SSL_CTX_get_ex_new_index (0, "server", NULL, NULL, NULL);
SSL_CTX_set_ex_data (ssl_ctx, g_transport_tls_data_index, s); SSL_CTX_set_ex_data (ssl_ctx, g_transport_tls_data_index, s);
// TODO: allow specifying SSL_CTX_set_cipher_list() const char *ciphers = get_config_string (s->config, "ssl_ciphers");
if (ciphers && !SSL_CTX_set_cipher_list (ssl_ctx, ciphers))
log_server_error (s, s->buffer,
"Failed to select any cipher from the cipher list");
SSL_CTX_set_mode (ssl_ctx, SSL_CTX_set_mode (ssl_ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);