[LEDE-DEV] [PATCH 2/2] ustream-ssl: Remove RC4 from ciphersuite in server mode.
Rosen Penev
rosenp at gmail.com
Sat Mar 31 18:37:29 PDT 2018
SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.
Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
ustream-openssl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 2faa855..eb03dab 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server)
#ifndef OPENSSL_NO_ECDH
SSL_CTX_set_ecdh_auto(c, 1);
#endif
+ if (server)
+ SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
SSL_CTX_set_quiet_shutdown(c, 1);
return (void *) c;
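Review bot: the return value of the added SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH") call is ignored. The function returns 0 when the string selects no usable cipher, and in that case the context is still handed back through "return (void *) c;". Suggest checking the result and failing context creation (free c and return NULL) rather than continuing to SSL_CTX_set_quiet_shutdown. A one-line comment above "if (server)" saying why the list is restricted only in server mode would also help, since with this guard the client path never reaches the call and keeps the library's default list.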
--
2.16.3