
[mod_openssl] allow all authentication methods in default cipher string

The details depend on the server key anyway; with the new default string,
ECDSA keys work out of the box.

Change-Id: I7229f899ffd8dca5740767f9832980198b4f7bee
personal/stbuehler/wip
Stefan Bühler 7 years ago
parent
commit
f144349c72
  1. 2
      doc/mod_openssl.xml
  2. 2
      src/modules/mod_openssl.c

2
doc/mod_openssl.xml

@ -16,7 +16,7 @@
<short>file containing the intermediate certificates</short>
</entry>
<entry name="ciphers">
<short>OpenSSL ciphers string (default: "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK")</short>
<short>OpenSSL ciphers string (default: "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK")</short>
</entry>
<entry name="dh-params">
<short>filename with generated dh-params (default: fixed 4096-bit parameters)</short>

2
src/modules/mod_openssl.c

@ -493,7 +493,7 @@ static gboolean openssl_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
STACK_OF(X509_NAME) *client_ca_list;
const char
*default_ciphers = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK",
*default_ciphers = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK",
*default_ecdh_curve = "prime256v1";
/* setup defaults */
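Review bot: With `aRSA+` gone from `default_ciphers`, `!aNULL` is the only term keeping anonymous (unauthenticated) DH/ECDH suites out of the `HIGH` set, and nothing on the line says so; a comment such as `/* !aNULL is required: HIGH by itself can include anonymous suites, which aRSA+ used to filter out */` above the string would keep a later edit from dropping it. The remaining exclusions are keyed on key exchange (`!kSRP !kPSK`), and on OpenSSL versions where `kPSK` means plain PSK only, the DHE-PSK and ECDHE-PSK suites are presumably no longer filtered now that the authentication type is unrestricted; `!PSK !SRP` would state the intent for every variant, though whether those suites could be negotiated at all depends on callbacks not visible here. The same literal is repeated in doc/mod_openssl.xml, so any adjustment has to be made in both places. openssl_setup begins and continues outside this hunk.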
