Commit 9e703170 authored by Tatsuhiro Tsujikawa

nghttpx: Enable --honor-cipher-order automatically when --ciphers is used

parent 5166a61b
...@@ -502,6 +502,8 @@ void print_help(std::ostream& out) ...@@ -502,6 +502,8 @@ void print_help(std::ostream& out)
<< " SSL/TLS:\n" << " SSL/TLS:\n"
<< " --ciphers=<SUITE> Set allowed cipher list. The format of the\n" << " --ciphers=<SUITE> Set allowed cipher list. The format of the\n"
<< " string is described in OpenSSL ciphers(1).\n" << " string is described in OpenSSL ciphers(1).\n"
<< " If this option is used, --honor-cipher-order\n"
<< " is implicitly enabled.\n"
<< " --honor-cipher-order\n" << " --honor-cipher-order\n"
<< " Honor server cipher order, giving the\n" << " Honor server cipher order, giving the\n"
<< " ability to mitigate BEAST attacks.\n" << " ability to mitigate BEAST attacks.\n"
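Review bot: The two added help lines under --ciphers say that --honor-cipher-order becomes implicit, but not what that means for the operator: once server preference is on, the order of the entries in SUITE decides which cipher is negotiated. A list that is copied from elsewhere with a weak suite first would then select that suite for every client that offers it. I would extend the sentence to something like `If this option is used, --honor-cipher-order is implicitly enabled, so list the preferred ciphers first.` The --honor-cipher-order entry below could also mention that it is redundant when --ciphers is given. print_help continues outside this hunk.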
......
...@@ -152,9 +152,9 @@ SSL_CTX* create_ssl_context(const char *private_key_file, ...@@ -152,9 +152,9 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
<< ERR_error_string(ERR_get_error(), NULL); << ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(get_config()->honor_cipher_order) {
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
} } else if(get_config()->honor_cipher_order) {
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
} }
// Use P-256, which is sufficiently secure at the time of this // Use P-256, which is sufficiently secure at the time of this
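Review bot: The same `SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);` call now appears in both branches, and nothing at the call site says why a configured cipher list forces server preference or that an operator can no longer turn it off when --ciphers is set. A short comment on the first call would record the intent, for example `// An explicit --ciphers list is treated as the operator's preference order, so enforce it.` If the branch that opens above the hunk only wraps the SSL_CTX_set_cipher_list check (it is not visible here, so this is inferred), the option could instead be set once after it under `if(get_config()->ciphers || get_config()->honor_cipher_order)`. create_ssl_context starts and ends outside the hunk.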
......