fix ssl cipher list
hggq committed May 10, 2024
1 parent abbd06a commit 950fe85
Showing 3 changed files with 6 additions and 11 deletions.
4 changes: 4 additions & 0 deletions vendor/httpserver/include/http_domain.h
@@ -27,5 +27,9 @@ namespace http

std::string get_password();
int serverNameCallback(SSL *ssl, int *ad, void *arg);
static const char *DEFAULT_CIPHER_LIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-"
"AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-"
"POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-"
"AES256-GCM-SHA384";
}
#endif
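Review bot: `static const char *DEFAULT_CIPHER_LIST` declares a non-const pointer with internal linkage in a header, so every translation unit that includes http_domain.h gets its own copy and any of them can repoint it at a different string at runtime. Because this value is the TLS cipher policy used by both serverNameCallback and httpserver::listeners(), it should be immutable: `inline constexpr char DEFAULT_CIPHER_LIST[] = "...";` (the code already relies on C++17 features such as `[[maybe_unused]]`), or at minimum `static const char *const DEFAULT_CIPHER_LIST`. A one-line comment above it would also help the next maintainer, for example `// TLS 1.2-and-earlier suites only (ECDHE/DHE with AEAD); SSL_CTX_set_cipher_list does not touch TLS 1.3 suites`.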
6 changes: 1 addition & 5 deletions vendor/httpserver/src/http_domain.cpp
@@ -186,14 +186,10 @@ int serverNameCallback(SSL *ssl, [[maybe_unused]] int *ad, [[maybe_unused]] void
SSL_clear_options(ssl, 0xFFFFFFFFL);
SSL_set_options(ssl, SSL_CTX_get_options(ctx));

constexpr char DEFAULT_CIPHER_LIST[] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-"
"AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-"
"POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-"
"AES256-GCM-SHA384";

if (SSL_CTX_set_cipher_list(ctx, DEFAULT_CIPHER_LIST) == 0)
{
std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
return SSL_TLSEXT_ERR_OK;
}

std::vector<unsigned char> next_proto;
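Review bot: When `SSL_CTX_set_cipher_list(ctx, DEFAULT_CIPHER_LIST)` fails, the branch logs the error and then returns `SSL_TLSEXT_ERR_OK`, so the handshake carries on with whatever cipher list the context already had rather than the restricted one. Failing closed is the safer behaviour for a policy call: `return SSL_TLSEXT_ERR_ALERT_FATAL;`. The call also rewrites a shared `SSL_CTX` on every SNI callback; if `ctx` is the per-domain context selected earlier in the function (not visible here), setting the list once where that context is created would avoid mutating it during handshakes. serverNameCallback begins before and continues after this hunk.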
7 changes: 1 addition & 6 deletions vendor/httpserver/src/server.cpp
@@ -2866,7 +2866,7 @@ asio::awaitable<void> httpserver::clientpeerfun(struct httpsocket_t sock_temp, b

{
log_item.clear();
log_item.append(peer->server_ip);
log_item.append(peer->client_ip);
log_item.push_back(0x20);
log_item.append(get_date("%Y-%m-%d %X"));
log_item.push_back(0x20);
@@ -3365,11 +3365,6 @@ void httpserver::listeners()
//SSL_CTX_set_mode(context_.native_handle(), SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(context_.native_handle(), SSL_MODE_RELEASE_BUFFERS);

constexpr char DEFAULT_CIPHER_LIST[] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-"
"AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-"
"POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-"
"AES256-GCM-SHA384";

if (SSL_CTX_set_cipher_list(context_.native_handle(), DEFAULT_CIPHER_LIST) == 0)
{
std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
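Review bot: In `httpserver::listeners()` the cipher policy is applied through `SSL_CTX_set_cipher_list` alone, which in OpenSSL 1.1.1 and later governs only TLS 1.2 and earlier; the minimum protocol version and the TLS 1.3 suites are controlled by separate calls, and none appears in this hunk. Every entry in DEFAULT_CIPHER_LIST is a TLS 1.2 AEAD suite, so if the floor is not set elsewhere in the function it is worth adding `SSL_CTX_set_min_proto_version(context_.native_handle(), TLS1_2_VERSION);` next to this call and checking its return value the same way. The failure branch is cut off after the `std::cerr` line, so whether the listener refuses to start when the list cannot be applied cannot be confirmed from here; it should not keep serving with the library default list. listeners() starts before and continues after the hunk.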