Use the server's preferred cipher for the API connection

When using SSL_OP_CIPHER_SERVER_PREFERENCE the server's preferred cipher
is used instead of the client preference, see
https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

fixes #11290
This commit is contained in:
Tobias von der Krone 2016-03-04 08:14:03 +01:00
parent d14477c242
commit ce3062904f
1 changed files with 1 additions and 1 deletions

View File

@ -85,7 +85,7 @@ boost::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& pr
boost::shared_ptr<SSL_CTX> sslContext = boost::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free); boost::shared_ptr<SSL_CTX> sslContext = boost::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free);
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE;
#ifdef SSL_OP_NO_COMPRESSION #ifdef SSL_OP_NO_COMPRESSION
flags |= SSL_OP_NO_COMPRESSION; flags |= SSL_OP_NO_COMPRESSION;