nghttpx: Enable --honor-cipher-order automatically when --ciphers is used
This commit is contained in:
parent
5166a61bfd
commit
9e703170cd
|
@ -502,6 +502,8 @@ void print_help(std::ostream& out)
|
|||
<< " SSL/TLS:\n"
|
||||
<< " --ciphers=<SUITE> Set allowed cipher list. The format of the\n"
|
||||
<< " string is described in OpenSSL ciphers(1).\n"
|
||||
<< " If this option is used, --honor-cipher-order\n"
|
||||
<< " is implicitly enabled.\n"
|
||||
<< " --honor-cipher-order\n"
|
||||
<< " Honor server cipher order, giving the\n"
|
||||
<< " ability to mitigate BEAST attacks.\n"
|
||||
|
|
|
@ -152,9 +152,9 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
|
|||
<< ERR_error_string(ERR_get_error(), NULL);
|
||||
DIE();
|
||||
}
|
||||
if(get_config()->honor_cipher_order) {
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
}
|
||||
} else if(get_config()->honor_cipher_order) {
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
}
|
||||
|
||||
// Use P-256, which is sufficiently secure at the time of this
|
||||
|
|
Loading…
Reference in New Issue