kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit ff613f4665eda3a498a23493e75d2cacad02f5c6
parent bbfbfc4c61715927c594efc75949d9bbf7d98b3d
Author: Joris Vink <joris@coders.se>
Date:   Wed,  7 Aug 2013 20:42:19 +0200

Use SSL_OP_CIPHER_SERVER_PREFERENCE by default.

Diffstat:
src/domain.c | 5++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/domain.c b/src/domain.c @@ -83,9 +83,12 @@ kore_domain_sslstart(struct kore_domain *dom) SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION); SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_RELEASE_BUFFERS); - SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list); SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list); + SSL_CTX_set_tlsext_servername_callback(dom->ssl_ctx, kore_ssl_sni_cb); SSL_CTX_set_next_protos_advertised_cb(dom->ssl_ctx, kore_ssl_npn_cb, NULL);