Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #66 from bfg/prefer_server_ciphers

Prefer server cipher list.
  • Loading branch information...
commit 17918b7990765a277d0339e53c1614a2b7d014d7 2 parents e0f8db4 + 1bc2189
Jamie Turner authored
Showing with 12 additions and 2 deletions.
  1. +12 −2 stud.c
14 stud.c
View
@@ -142,6 +142,7 @@ typedef struct stud_options {
int SYSLOG;
int TCP_KEEPALIVE_TIME;
int DAEMONIZE;
+ int PREFER_SERVER_CIPHERS;
} stud_options;
static stud_options OPTIONS = {
@@ -171,7 +172,8 @@ static stud_options OPTIONS = {
0, // QUIET
0, // SYSLOG
3600, // TCP_KEEPALIVE_TIME
- 0 // DAEMONIZE
+ 0, // DAEMONIZE
+ 0 // PREFER_SERVER_CIPHERS
};
@@ -654,6 +656,9 @@ static SSL_CTX * init_openssl() {
if (SSL_CTX_set_cipher_list(ctx, OPTIONS.CIPHER_SUITE) != 1)
ERR_print_errors_fp(stderr);
+ if (OPTIONS.PREFER_SERVER_CIPHERS)
+ SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+
#ifdef USE_SHARED_CACHE
if (OPTIONS.SHARED_CACHE) {
if (shared_context_init(ctx, OPTIONS.SHARED_CACHE) < 0) {
@@ -1274,6 +1279,7 @@ static void usage_fail(const char *prog, const char *msg) {
" --ssl SSLv3 (implies no TLSv1)\n"
" -c CIPHER_SUITE set allowed ciphers (default is OpenSSL defaults)\n"
" -e ENGINE set OpenSSL engine\n"
+" -O prefer server cipher order\n"
"\n"
"Socket:\n"
" -b HOST,PORT backend [connect] (default is \"127.0.0.1,8000\")\n"
@@ -1441,7 +1447,7 @@ static void parse_cli(int argc, char **argv) {
while (1) {
int option_index = 0;
- c = getopt_long(argc, argv, "hf:b:n:c:e:u:r:B:C:k:qsU:P:M:",
+ c = getopt_long(argc, argv, "hf:b:n:c:e:Ou:r:B:C:k:qsU:P:M:",
long_options, &option_index);
if (c == -1)
@@ -1478,6 +1484,10 @@ static void parse_cli(int argc, char **argv) {
OPTIONS.ENGINE = optarg;
break;
+ case 'O':
+ OPTIONS.PREFER_SERVER_CIPHERS = 1;
+ break;
+
case 'u':
passwd = getpwnam(optarg);
if (!passwd) {
Please sign in to comment.
Something went wrong with that request. Please try again.