nghttpx: Enable --honor-cipher-order automatically when --ciphers is used
This commit is contained in:
parent
5166a61bfd
commit
9e703170cd
|
@ -502,6 +502,8 @@ void print_help(std::ostream& out)
|
||||||
<< " SSL/TLS:\n"
|
<< " SSL/TLS:\n"
|
||||||
<< " --ciphers=<SUITE> Set allowed cipher list. The format of the\n"
|
<< " --ciphers=<SUITE> Set allowed cipher list. The format of the\n"
|
||||||
<< " string is described in OpenSSL ciphers(1).\n"
|
<< " string is described in OpenSSL ciphers(1).\n"
|
||||||
|
<< " If this option is used, --honor-cipher-order\n"
|
||||||
|
<< " is implicitly enabled.\n"
|
||||||
<< " --honor-cipher-order\n"
|
<< " --honor-cipher-order\n"
|
||||||
<< " Honor server cipher order, giving the\n"
|
<< " Honor server cipher order, giving the\n"
|
||||||
<< " ability to mitigate BEAST attacks.\n"
|
<< " ability to mitigate BEAST attacks.\n"
|
||||||
|
|
|
@ -152,9 +152,9 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
|
||||||
<< ERR_error_string(ERR_get_error(), NULL);
|
<< ERR_error_string(ERR_get_error(), NULL);
|
||||||
DIE();
|
DIE();
|
||||||
}
|
}
|
||||||
if(get_config()->honor_cipher_order) {
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
} else if(get_config()->honor_cipher_order) {
|
||||||
}
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Use P-256, which is sufficiently secure at the time of this
|
// Use P-256, which is sufficiently secure at the time of this
|
||||||
|
|
Loading…
Reference in New Issue