Only set default DH parameters for server TLS contexts to avoid overh…

…ead. See also #663.
vibe-d · May 14, 2014 · 2199394 · 2199394
1 parent bf0bc8a
commit 2199394
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/source/vibe/stream/ssl.d b/source/vibe/stream/ssl.d
@@ -456,15 +456,15 @@ class SSLContext {
 						case SSLVersion.dtls1: method = DTLSv1_server_method(); break;
 					}
 					options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+					setDHParams();
+					setECDHCurve();
 					break;
 			}
 
 			m_ctx = SSL_CTX_new(method);
 			SSL_CTX_set_options!()(m_ctx, options);
 
 			setCipherList();
-			setDHParams();
-			setECDHCurve();
 		} else enforce(false, "No SSL support compiled in!");
 
 		maxCertChainLength = 9;
@@ -602,14 +602,13 @@ class SSLContext {
 
 		See_also: $(LINK https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT)
 	*/
-	void setCipherList(string list=null)
+	void setCipherList(string list = null)
 	{
 		version (OpenSSL) {
 			if (list is null)
 				SSL_CTX_set_cipher_list(m_ctx,
-							"ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:"
-							"ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:"
-							"RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS");
+					"ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:"
+					"RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS");
 			else
 				SSL_CTX_set_cipher_list(m_ctx, toStringz(list));
 		}