SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
#ifndef OPENSSL_NO_ECDH
SSL_CTX_set_ecdh_auto(c, 1);
#endif
#ifndef OPENSSL_NO_ECDH
SSL_CTX_set_ecdh_auto(c, 1);
#endif
+ if (server)
+ SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
SSL_CTX_set_quiet_shutdown(c, 1);
return (void *) c;
SSL_CTX_set_quiet_shutdown(c, 1);
return (void *) c;