From: Rosen Penev <rosenp@gmail.com>
Date: Sun, 1 Apr 2018 01:37:29 +0000 (-0700)
Subject: ustream-ssl: Remove RC4 from ciphersuite in server mode.
X-Git-Url: https://git.librecmc.org/?p=oweals%2Fustream-ssl.git;a=commitdiff_plain;h=527e7002d0429465bd49c0c0d416ef22fbf5ae86

ustream-ssl: Remove RC4 from ciphersuite in server mode.

SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---

diff --git a/ustream-openssl.c b/ustream-openssl.c
index 2faa855..eb03dab 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server)
 #ifndef OPENSSL_NO_ECDH
 	SSL_CTX_set_ecdh_auto(c, 1);
 #endif
+	if (server)
+		SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
 	SSL_CTX_set_quiet_shutdown(c, 1);
 
 	return (void *) c;