Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Implements the request for Cipher Server Preference

  • Loading branch information...
commit 19b8fe12874ae4791ae695e74257a990c9f21281 1 parent d363f35
@skinkie skinkie authored
View
2  admin/PageVServer.py
@@ -46,6 +46,7 @@
NOTE_CERT_KEY = N_('PEM-encoded Private Key file for the server (Full path to the file)')
NOTE_CA_LIST = N_('File containing the trusted CA certificates, utilized for checking the client certificates (Full path to the file)')
NOTE_CIPHERS = N_('Ciphers that TLS/SSL is allowed to use. <a target="_blank" href="http://www.openssl.org/docs/apps/ciphers.html">Reference</a>. (Default: HIGH:!aNULL:!MD5).')
+NOTE_CIPHER_SERVER_PREFERENCE = N_('The cipher sequence that is specified by the server should have preference over the preference of the client. (Default: False).')
NOTE_CLIENT_CERTS = N_('Skip, Accept or Require client certificates.')
NOTE_VERIFY_DEPTH = N_('Limit up to which depth certificates in a chain are used during the verification procedure (Default: 1)')
NOTE_ERROR_HANDLER = N_('Allows the selection of how to generate the error responses.')
@@ -665,6 +666,7 @@ def __init__ (self, vsrv_num, refreshable):
# Advanced options
table = CTK.PropsTable()
table.Add (_('Ciphers'), CTK.TextCfg ('%s!ssl_ciphers' %(pre), True), _(NOTE_CIPHERS))
+ table.Add (_('Server Preference'), CTK.CheckCfgText ('%s!ssl_cipher_server_preference' % (pre), False, _('Prefer')), _(NOTE_CIPHER_SERVER_PREFERENCE))
table.Add (_('Client Certs. Request'), CTK.ComboCfg('%s!ssl_client_certs' %(pre), trans_options(CLIENT_CERTS)), _(NOTE_CLIENT_CERTS))
if CTK.cfg.get_val('%s!ssl_client_certs' %(pre)):
View
6 cherokee/cryptor_libssl.c
@@ -388,6 +388,12 @@ _vserver_new (cherokee_cryptor_t *cryp,
options |= SSL_OP_NO_SSLv2;
}
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+ if (vsrv->cipher_server_preference) {
+ options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+ }
+#endif
+
SSL_CTX_set_options (n->context, options);
/* Set cipher list that vserver will accept.
View
7 cherokee/virtual_server.c
@@ -69,6 +69,8 @@ cherokee_virtual_server_new (cherokee_virtual_server_t **vserver, void *server)
n->hsts.subdomains = true;
n->hsts.max_age = 365 * 24 * 60 * 60;
+ n->cipher_server_preference = false;
+
/* Virtual entries
*/
ret = cherokee_rule_list_init (&n->rules);
@@ -1149,6 +1151,11 @@ configure_virtual_server_property (cherokee_config_node_t *conf, void *data)
cherokee_buffer_clean (&vserver->ciphers);
cherokee_buffer_add_buffer (&vserver->ciphers, &conf->val);
+ } else if (equal_buf_str (&conf->key, "ssl_cipher_server_preference")) {
+ ret = cherokee_atob (conf->val.buf, &vserver->cipher_server_preference);
+ if (ret != ret_ok)
+ return ret;
+
} else if (equal_buf_str (&conf->key, "flcache") ||
equal_buf_str (&conf->key, "collector")) {
/* Handled later on */
View
1  cherokee/virtual_server.h
@@ -75,6 +75,7 @@ typedef struct {
cherokee_buffer_t certs_ca;
cherokee_buffer_t req_client_certs;
cherokee_buffer_t ciphers;
+ cherokee_boolean_t cipher_server_preference;
cherokee_cryptor_vserver_t *cryptor;
struct {
Please sign in to comment.
Something went wrong with that request. Please try again.