kore

Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git
commit ff613f4665eda3a498a23493e75d2cacad02f5c6
parent bbfbfc4c61715927c594efc75949d9bbf7d98b3d
Author: Joris Vink <joris@coders.se>
Date:   Wed,  7 Aug 2013 20:42:19 +0200

Use SSL_OP_CIPHER_SERVER_PREFERENCE by default.

Diffstat:

src/domain.c | 5++++-


1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/domain.c b/src/domain.c
@@ -83,9 +83,12 @@ kore_domain_sslstart(struct kore_domain *dom)
 		SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION);
 
 	SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
-	SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list);
 	SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+
 	SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_SSLv2);
+	SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+	SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list);
+
 	SSL_CTX_set_tlsext_servername_callback(dom->ssl_ctx, kore_ssl_sni_cb);
 	SSL_CTX_set_next_protos_advertised_cb(dom->ssl_ctx,
 	    kore_ssl_npn_cb, NULL);