diff options
author | Rosen Penev <rosenp@gmail.com> | 2018-03-31 18:37:29 -0700 |
---|---|---|
committer | John Crispin <john@phrozen.org> | 2018-04-30 15:05:29 +0200 |
commit | 527e7002d0429465bd49c0c0d416ef22fbf5ae86 (patch) | |
tree | bac9b14b2129804ba47b618ea0dcb7aca86d9618 | |
parent | 39a6ce205d8fd10d2764751d0e1d2d76741e424d (diff) | |
download | ustream-ssl-527e7002d0429465bd49c0c0d416ef22fbf5ae86.tar.gz |
ustream-ssl: Remove RC4 from ciphersuite in server mode.
SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
-rw-r--r-- | ustream-openssl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c index 2faa855..eb03dab 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server) #ifndef OPENSSL_NO_ECDH SSL_CTX_set_ecdh_auto(c, 1); #endif + if (server) + SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c; |