nghttpx: Enable --honor-cipher-order automatically when --ciphers is used

This commit is contained in:
Tatsuhiro Tsujikawa 2013-08-30 23:02:47 +09:00
parent 5166a61bfd
commit 9e703170cd
2 changed files with 5 additions and 3 deletions

View File

@ -502,6 +502,8 @@ void print_help(std::ostream& out)
<< " SSL/TLS:\n" << " SSL/TLS:\n"
<< " --ciphers=<SUITE> Set allowed cipher list. The format of the\n" << " --ciphers=<SUITE> Set allowed cipher list. The format of the\n"
<< " string is described in OpenSSL ciphers(1).\n" << " string is described in OpenSSL ciphers(1).\n"
<< " If this option is used, --honor-cipher-order\n"
<< " is implicitly enabled.\n"
<< " --honor-cipher-order\n" << " --honor-cipher-order\n"
<< " Honor server cipher order, giving the\n" << " Honor server cipher order, giving the\n"
<< " ability to mitigate BEAST attacks.\n" << " ability to mitigate BEAST attacks.\n"

View File

@ -152,9 +152,9 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
<< ERR_error_string(ERR_get_error(), NULL); << ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(get_config()->honor_cipher_order) {
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
} } else if(get_config()->honor_cipher_order) {
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
} }
// Use P-256, which is sufficiently secure at the time of this // Use P-256, which is sufficiently secure at the time of this