Add support for preferring the server's cipher list or the client's cipher

list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
author: jsing <> 2015-09-10 09:10:42 +0000
committer: jsing <> 2015-09-10 09:10:42 +0000
commit: bb55b96be5873414f5139ee6f86706b2f219123a (patch)
tree: 7e607278f29d9ff6cd6a4157a2b2362498680e58 /src/lib/libtls/tls_server.c
parent: f4a4d0ccce6152a6e48d345c33b3db9dbdaad529 (diff)
download: openbsd-bb55b96be5873414f5139ee6f86706b2f219123a.tar.gz
openbsd-bb55b96be5873414f5139ee6f86706b2f219123a.tar.bz2
openbsd-bb55b96be5873414f5139ee6f86706b2f219123a.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 8fa876c6fd..a3cee09596 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.13 2015/09/09 19:49:07 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.14 2015/09/10 09:10:42 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -88,6 +88,10 @@ tls_configure_server(struct tls *ctx)
                EC_KEY_free(ecdh_key);
        }
+        if (ctx->config->ciphers_server == 1)
+                SSL_CTX_set_options(ctx->ssl_ctx,
+                    SSL_OP_CIPHER_SERVER_PREFERENCE); 
        /*
         * Set session ID context to a random value.  We don't support
         * persistent caching of sessions so it is OK to set a temporary
author	jsing <>	2015-09-10 09:10:42 +0000
committer	jsing <>	2015-09-10 09:10:42 +0000
commit	bb55b96be5873414f5139ee6f86706b2f219123a (patch)
tree	7e607278f29d9ff6cd6a4157a2b2362498680e58 /src/lib/libtls/tls_server.c
parent	f4a4d0ccce6152a6e48d345c33b3db9dbdaad529 (diff)
download	openbsd-bb55b96be5873414f5139ee6f86706b2f219123a.tar.gz openbsd-bb55b96be5873414f5139ee6f86706b2f219123a.tar.bz2 openbsd-bb55b96be5873414f5139ee6f86706b2f219123a.zip