author | Ed Tanous <edtanous@google.com> | 2023-06-15 00:53:29 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2023-06-20 22:43:14 +0300 |
commit | e96d7fbfe7f8e4ced88e960a66fca639234929c1 (patch) | |
tree | 43e63bda5f70540024db65ec72c9c13624c82c53 /include/ssl_key_handler.hpp | |
parent | 12dfca542800102a3fb28698086535cd2cca3ade (diff) | |
download | bmcweb-e96d7fbfe7f8e4ced88e960a66fca639234929c1.tar.xz |
Change cipher suite variable
This variable was poorly named. At one point it represented mozilla
modern cipher suites, but it has been long since changed to mozilla
intermediate. Name the variable appropriately.
While we're here, also change the type to const char*, such that we're
not allocating the string for every connection.
Change-Id: I0faae73448d953c173c3d3b9e4916b41b2a2497a
Signed-off-by: Ed Tanous <edtanous@google.com>
Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r-- | include/ssl_key_handler.hpp | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index bb2600c49c..db61db9f83 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -459,18 +459,20 @@ inline std::shared_ptr<boost::asio::ssl::context>
 BMCWEB_LOG_ERROR << "Error setting tmp ecdh list\n";
 }
- std::string mozillaModern = "ECDHE-ECDSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-ECDSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-CHACHA20-POLY1305:"
- "ECDHE-RSA-CHACHA20-POLY1305:"
- "DHE-RSA-AES128-GCM-SHA256:"
- "DHE-RSA-AES256-GCM-SHA384:"
- "DHE-RSA-CHACHA20-POLY1305";
+ // Mozilla intermediate cipher suites v5.7
+ // Sourced from: https://ssl-config.mozilla.org/guidelines/5.7.json
+ const char* mozillaIntermediate = "ECDHE-ECDSA-AES128-GCM-SHA256:"
+ "ECDHE-RSA-AES128-GCM-SHA256:"
+ "ECDHE-ECDSA-AES256-GCM-SHA384:"
+ "ECDHE-RSA-AES256-GCM-SHA384:"
+ "ECDHE-ECDSA-CHACHA20-POLY1305:"
+ "ECDHE-RSA-CHACHA20-POLY1305:"
+ "DHE-RSA-AES128-GCM-SHA256:"
+ "DHE-RSA-AES256-GCM-SHA384:"
+ "DHE-RSA-CHACHA20-POLY1305";
 if (SSL_CTX_set_cipher_list(mSslContext->native_handle(),
- mozillaModern.c_str()) != 1)
+ mozillaIntermediate) != 1)
 {
 BMCWEB_LOG_ERROR << "Error setting cipher list\n";
 } |
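Review bot: The new comment above `mozillaIntermediate` presents the list as the Mozilla intermediate profile, but `SSL_CTX_set_cipher_list` only configures suites for TLS 1.2 and below, so the TLS 1.3 part of that profile is not applied by this call. I would extend the comment with `// TLS 1.2 and below only; TLS 1.3 suites are set with SSL_CTX_set_ciphersuites`. The hunk starts and ends inside the function body, so whether TLS 1.3 suites are pinned elsewhere is not visible here. Separately, a failed `SSL_CTX_set_cipher_list` is only logged, so the context presumably keeps whatever cipher list it already had; it is worth confirming that continuing is intended. The pointer could also be declared `const char* const mozillaIntermediate` so that it cannot be reseated.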