/freeradius-server

feature: force server-side cipher preference instead of list from client #1797

Merged
merged 1 commit into from Oct 19, 2016

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@lytboris @alandekok
@lytboris

lytboris commented Oct 19, 2016 edited

It is current best practices to force secure cipher for TLS from server side. By default OpenSSL will choose cipher based on client cipher list which may be

  • poor
  • buggy

Forcing this from server side makes some order in this mess.
Please consider to enable this option by default in 4.0. It is a common best practice in TLS world now.
Boris Lytochkin feature: force server-side cipher preference instead of OpenSSL default 
behavior to honor client cipher list
1137e5e

@alandekok alandekok merged commit e050253 into FreeRADIUS:v3.1.x Oct 19, 2016
1 check passed

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@alandekok alandekok added a commit that referenced this pull request Oct 19, 2016

@alandekok alandekok Add cipher_server_preference. Manual port of #1797
This commit was signed with a verified signature.
@alandekok alandekok Alan DeKok
GPG key ID: 7D0E79CD77621ECD Learn about signing commits
38cdbb4

@lytboris lytboris pushed a commit to lytboris/freeradius-server that referenced this pull request Nov 8, 2016

@alandekok alandekok + Boris Lytochkin Add cipher_server_preference. Manual port of #1797 b9d03d3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment