From bb55b96be5873414f5139ee6f86706b2f219123a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 10 Sep 2015 09:10:42 +0000
Subject: Add support for preferring the server's cipher list or the client's cipher list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson . ok beck@ bcook@
---
 src/lib/libtls/tls_server.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/lib/libtls/tls_server.c')
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 8fa876c6fd..a3cee09596 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.13 2015/09/09 19:49:07 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.14 2015/09/10 09:10:42 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -88,6 +88,10 @@ tls_configure_server(struct tls *ctx)
 EC_KEY_free(ecdh_key);
 }

+ if (ctx->config->ciphers_server == 1)
+ SSL_CTX_set_options(ctx->ssl_ctx,
+ SSL_OP_CIPHER_SERVER_PREFERENCE);
+
 /*
 * Set session ID context to a random value. We don't support
 * persistent caching of sessions so it is OK to set a temporary
-- 
cgit v1.2.3-55-g6feb
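Review bot: The new `if (ctx->config->ciphers_server == 1)` block in the second hunk has no comment saying why the option matters, unlike the session ID step just below it. I would add `/* Let the server's cipher order decide, so a client cannot steer negotiation to the weakest shared suite. */` above it. The test treats only the value 1 as server preference, so any other non-zero value silently falls back to the client's order. The setter and the default are not in this file, so that is presumably guaranteed there, but `!= 0` would fail safer. tls_configure_server starts and ends outside this hunk.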