From bb55b96be5873414f5139ee6f86706b2f219123a Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 10 Sep 2015 09:10:42 +0000 Subject: Add support for preferring the server's cipher list or the client's cipher list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson . ok beck@ bcook@ --- src/lib/libtls/tls_config.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'src/lib/libtls/tls_config.c') diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 2a0033b3bd..4d536853c8 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_config.c,v 1.11 2015/09/09 19:49:07 jsing Exp $ */ +/* $OpenBSD: tls_config.c,v 1.12 2015/09/10 09:10:42 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -80,6 +80,8 @@ tls_config_new(void) tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT); tls_config_set_verify_depth(config, 6); + tls_config_prefer_ciphers_server(config); + tls_config_verify(config); return (config); @@ -282,6 +284,18 @@ tls_config_set_verify_depth(struct tls_config *config, int verify_depth) config->verify_depth = verify_depth; } +void +tls_config_prefer_ciphers_client(struct tls_config *config) +{ + config->ciphers_server = 0; +} + +void +tls_config_prefer_ciphers_server(struct tls_config *config) +{ + config->ciphers_server = 1; +} + void tls_config_insecure_noverifycert(struct tls_config *config) { -- cgit v1.2.3-55-g6feb
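Review bot: The new `tls_config_prefer_ciphers_server(config);` call in tls_config_new() changes negotiation for every caller that takes the defaults, and nothing at the call site records that this is a deliberate policy default. I would add a comment above it such as `/* Default: the server's cipher order decides; tls_config_prefer_ciphers_client() opts out. */`. With server preference on, the order of the configured cipher list becomes the effective policy, so the default cipher string is worth re-checking for ordering; it is not visible in this hunk. The body of tls_config_new() starts and ends outside the hunk.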
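Review bot: The two new setters, tls_config_prefer_ciphers_client() and tls_config_prefer_ciphers_server(), carry no comment on what `ciphers_server` controls or where it is consumed. This view is limited to tls_config.c, so the field declaration and the server setup code that presumably maps it to SSL_OP_CIPHER_SERVER_PREFERENCE cannot be confirmed from here. I would document the security trade-off on the client variant, e.g. `/* Let the client's cipher order decide; the peer may then pick the least preferred cipher the server still permits. */`, and add a matching one-line comment on the server variant stating that it presumably affects server contexts only. The unchecked `config` dereference matches tls_config_set_verify_depth() above, so it is consistent with the file.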