mirror of https://github.com/Icinga/icinga2.git
Use the server's preferred cipher for the API connection
When using SSL_OP_CIPHER_SERVER_PREFERENCE the server's preferred cipher is used instead of the client preference, see https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html fixes #11290
This commit is contained in:
parent
d14477c242
commit
ce3062904f
|
@ -85,7 +85,7 @@ boost::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& pr
|
||||||
|
|
||||||
boost::shared_ptr<SSL_CTX> sslContext = boost::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free);
|
boost::shared_ptr<SSL_CTX> sslContext = boost::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free);
|
||||||
|
|
||||||
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
|
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE;
|
||||||
|
|
||||||
#ifdef SSL_OP_NO_COMPRESSION
|
#ifdef SSL_OP_NO_COMPRESSION
|
||||||
flags |= SSL_OP_NO_COMPRESSION;
|
flags |= SSL_OP_NO_COMPRESSION;
|
||||||
|
|
Loading…
Reference in New Issue