tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use the server's preferred cipher for the API connection 

When using SSL_OP_CIPHER_SERVER_PREFERENCE the server's preferred cipher
is used instead of the client preference, see
https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

fixes #11290
This commit is contained in:
Tobias von der Krone 2016-03-04 08:14:03 +01:00
parent d14477c242
commit ce3062904f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/base/tlsutility.cpp
View File

@ -85,7 +85,7 @@ boost::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& pr
boost::shared_ptr<SSL_CTX> sslContext = boost::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free);
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE;
#ifdef SSL_OP_NO_COMPRESSION
flags |= SSL_OP_NO_COMPRESSION;