authorEd Tanous <edtanous@google.com>2023-06-15 00:53:29 +0300
committerEd Tanous <ed@tanous.net>2023-06-20 22:43:14 +0300
commite96d7fbfe7f8e4ced88e960a66fca639234929c1 (patch)
tree43e63bda5f70540024db65ec72c9c13624c82c53
parent12dfca542800102a3fb28698086535cd2cca3ade (diff)
Change cipher suite variable
This variable was poorly named. At one point it represented the Mozilla modern cipher suites, but it has long since been changed to Mozilla intermediate. Name the variable appropriately. While we're here, also change the type to const char*, so that we're not allocating the string for every connection. Change-Id: I0faae73448d953c173c3d3b9e4916b41b2a2497a Signed-off-by: Ed Tanous <edtanous@google.com>
-rw-r--r--include/ssl_key_handler.hpp22
1 files changed, 12 insertions, 10 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index bb2600c49c..db61db9f83 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -459,18 +459,20 @@ inline std::shared_ptr<boost::asio::ssl::context>
BMCWEB_LOG_ERROR << "Error setting tmp ecdh list\n";
}
- std::string mozillaModern = "ECDHE-ECDSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-ECDSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-CHACHA20-POLY1305:"
- "ECDHE-RSA-CHACHA20-POLY1305:"
- "DHE-RSA-AES128-GCM-SHA256:"
- "DHE-RSA-AES256-GCM-SHA384:"
- "DHE-RSA-CHACHA20-POLY1305";
+ // Mozilla intermediate cipher suites v5.7
+ // Sourced from: https://ssl-config.mozilla.org/guidelines/5.7.json
+ const char* mozillaIntermediate = "ECDHE-ECDSA-AES128-GCM-SHA256:"
+ "ECDHE-RSA-AES128-GCM-SHA256:"
+ "ECDHE-ECDSA-AES256-GCM-SHA384:"
+ "ECDHE-RSA-AES256-GCM-SHA384:"
+ "ECDHE-ECDSA-CHACHA20-POLY1305:"
+ "ECDHE-RSA-CHACHA20-POLY1305:"
+ "DHE-RSA-AES128-GCM-SHA256:"
+ "DHE-RSA-AES256-GCM-SHA384:"
+ "DHE-RSA-CHACHA20-POLY1305";
if (SSL_CTX_set_cipher_list(mSslContext->native_handle(),
- mozillaModern.c_str()) != 1)
+ mozillaIntermediate) != 1)
{
BMCWEB_LOG_ERROR << "Error setting cipher list\n";
}
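Review bot: A failed `SSL_CTX_set_cipher_list` call is only logged at the end of this hunk, so the context is apparently still handed back with OpenSSL's default cipher list rather than the Mozilla intermediate one. For a hardening setting it is safer to fail closed, for example `return nullptr;` after the log line, provided callers handle a null context; the function starts and ends outside the hunk, so that needs checking. The new comment should also say that this string only governs TLS 1.2 and older, since TLS 1.3 suites are configured separately through `SSL_CTX_set_ciphersuites`, e.g. `// TLS 1.2 and below only; TLS 1.3 suites are not set by this list`. As the pointer itself never changes, `static constexpr const char* mozillaIntermediate = ...` would state that intent more precisely than a plain `const char*`.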