lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity

[mod_gnutls,mod_mbedtls] recog common cipherstring 

recognize and translate a common recommended cipherstring
  "ECDHE+AESGCM:ECDHE+AES256:CHACHA20:!SHA1:!SHA256:!SHA384"

(basically: ECDHE+AESGCM:ECDHE+AES256:CHACHA20
 without CBC ciphers reported as weak by SSLLabs)
personal/stbuehler/tests-path
Glenn Strauss 2021-02-05 02:26:20 -05:00
parent 1ca25d4e2c
commit 2403cc4f09
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/mod_gnutls.c
View File

@ -3102,6 +3102,8 @@ mod_gnutls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *
return 1;
}
else if (0 == strncmp_const(e,
"ECDHE+AESGCM:ECDHE+AES256:CHACHA20:!SHA1:!SHA256:!SHA384")
|| 0 == strncmp_const(e,
"EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384")) {
e += sizeof(
"EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384")-1;

2
src/mod_mbedtls.c
View File

@ -3367,6 +3367,8 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
return 1;
}
else if (0 == strncmp_const(e,
"ECDHE+AESGCM:ECDHE+AES256:CHACHA20:!SHA1:!SHA256:!SHA384")
|| 0 == strncmp_const(e,
"EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384")) {
e += sizeof(
"EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384")-1;