diff options
| author |   otto <otto@openbsd.org> | 2013-07-11 12:41:52 +0000 |
|---|---|---|
| committer | otto <otto@openbsd.org> | 2013-07-11 12:41:52 +0000 |
| commit | b983918d298b9686a4db5b7b8be3c93592fe2b21 (patch) | |
| tree | 021c7f8f707d0c3db877bccc368a94f5e0071289 /usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | |
| parent | Bring file selection in accordance with the man page; from Stefan Esser (diff) | |
| download | wireguard-openbsd-b983918d298b9686a4db5b7b8be3c93592fe2b21.tar.xz wireguard-openbsd-b983918d298b9686a4db5b7b8be3c93592fe2b21.zip | |
introduce HonorCipherOrder to use the server's order of preference of ciphers
ok djm@ guenther@
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c')
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c index 61a9a5b3594..8720f236134 100644 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c +++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_engine_init.c,v 1.28 2012/07/07 17:08:17 sthen Exp $ */ +/* $OpenBSD: ssl_engine_init.c,v 1.29 2013/07/11 12:41:52 otto Exp $ */ /* _ _ ** _ __ ___ ___ __| | ___ ___| | mod_ssl @@ -589,6 +589,8 @@ void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc) SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); if (!(sc->nProtocol & SSL_PROTOCOL_TLSV1)) SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1); + if (sc->cipher_server_pref == TRUE) + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_app_data(ctx, s); sc->pSSLCtx = ctx; |