]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 47a0a80) | patch
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
authorSzilárd Pfeiffer <coroner@pfeifferszilard.hu>
Mon, 4 Sep 2017 08:10:12 +0000 (10:10 +0200)
committerDavid Sommerseth <davids@openvpn.net>
Wed, 6 Sep 2017 22:10:24 +0000 (00:10 +0200)
commit5fd8e94d311825571931414064e4d13ed808f9b5
treea674ff8727a193d3d93b237a8a1bf18559f48655tree | snapshot
parent47a0a80b7718fe88451c82bdfe838e5a6e3c4248commit | diff
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag

* safe bet to say that server admins are better at updating their configs
  than client users are and if client do want to restrict their ciphers,
  they should simply evict the ciphers they don't want from their cipher
  suite
* mbed TLS and OpenSSL behave more similar with the
  SSL_OP_CIPHER_SERVER_PREFERENCE flag

Signed-off-by: Szilárd Pfeiffer <coroner@pfeifferszilard.hu>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170904081012.1975-1-coroner@pfeifferszilard.hu>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15356.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
src/openvpn/ssl_openssl.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git