diff options
| author | Rosen Penev | 2018-04-01 01:37:29 +0000 |
|---|---|---|
| committer | John Crispin | 2018-04-30 13:05:29 +0000 |
| commit | 527e7002d0429465bd49c0c0d416ef22fbf5ae86 (patch) | |
| tree | bac9b14b2129804ba47b618ea0dcb7aca86d9618 | |
| parent | 39a6ce205d8fd10d2764751d0e1d2d76741e424d (diff) | |
| download | ustream-ssl-527e7002d0429465bd49c0c0d416ef22fbf5ae86.tar.gz | |
ustream-ssl: Remove RC4 from ciphersuite in server mode.
SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
| -rw-r--r-- | ustream-openssl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c index 2faa855..eb03dab 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server) #ifndef OPENSSL_NO_ECDH SSL_CTX_set_ecdh_auto(c, 1); #endif + if (server) + SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c; |