ustream-ssl: Remove RC4 from ciphersuite in server mode.
author Rosen Penev <rosenp@gmail.com>
Sun, 1 Apr 2018 01:37:29 +0000 (18:37 -0700)
committer John Crispin <john@phrozen.org>
Mon, 30 Apr 2018 13:05:29 +0000 (15:05 +0200)
SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
ustream-openssl.c

index 2faa8557fbb32384aceb3b8346b404eebf2cba56..eb03dab1ac1dd08f4db5901d56c852d6607ce4fc 100644 (file)
@@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server)
 #ifndef OPENSSL_NO_ECDH
        SSL_CTX_set_ecdh_auto(c, 1);
 #endif
+       if (server)
+               SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
        SSL_CTX_set_quiet_shutdown(c, 1);
 
        return (void *) c;
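
Review bot: The return value of SSL_CTX_set_cipher_list() on the added line is ignored. The call returns 1 only if at least one cipher could be selected and 0 otherwise, so a failure here would go unnoticed and __ustream_ssl_context_new() would still hand back the context. Consider checking the result and failing context creation when it is 0, for example `if (server && !SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"))` followed by freeing `c` and returning NULL. Two smaller points: the `if (server)` guard leaves client-mode contexts on the library's default list, so if that is intentional a short comment saying why would help; and `DEFAULT:!RC4` is a denylist, so whatever else the linked OpenSSL's DEFAULT set contains stays enabled, which is worth noting next to the string.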