]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 49e12a3) | patch
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
authorSzilárd Pfeiffer <coroner@pfeifferszilard.hu>
Mon, 4 Sep 2017 08:10:12 +0000 (10:10 +0200)
committerDavid Sommerseth <davids@openvpn.net>
Wed, 6 Sep 2017 22:39:21 +0000 (00:39 +0200)
commit5071f6783ae1cd248cfc9634d76ed1ecad851f5b
tree0e48cf316a44ebf645be3cd0fd0320a5f7663acatree
parent49e12a39abdecb4c63ea0e577f9abc18e0eda082commit | diff
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag

* safe bet to say that server admins are better at updating their configs
  than client users are and if client do want to restrict their ciphers,
  they should simply evict the ciphers they don't want from their cipher
  suite
* mbed TLS and OpenSSL behave more similar with the
  SSL_OP_CIPHER_SERVER_PREFERENCE flag

Signed-off-by: Szilárd Pfeiffer <coroner@pfeifferszilard.hu>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170904081012.1975-1-coroner@pfeifferszilard.hu>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15356.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit 5fd8e94d311825571931414064e4d13ed808f9b5)
src/openvpn/ssl_openssl.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git