Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r--include/ssl_key_handler.hpp22
1 files changed, 12 insertions, 10 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index bb2600c49c..db61db9f83 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -459,18 +459,20 @@ inline std::shared_ptr<boost::asio::ssl::context>
BMCWEB_LOG_ERROR << "Error setting tmp ecdh list\n";
}
- std::string mozillaModern = "ECDHE-ECDSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-ECDSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-CHACHA20-POLY1305:"
- "ECDHE-RSA-CHACHA20-POLY1305:"
- "DHE-RSA-AES128-GCM-SHA256:"
- "DHE-RSA-AES256-GCM-SHA384:"
- "DHE-RSA-CHACHA20-POLY1305";
+ // Mozilla intermediate cipher suites v5.7
+ // Sourced from: https://ssl-config.mozilla.org/guidelines/5.7.json
+ const char* mozillaIntermediate = "ECDHE-ECDSA-AES128-GCM-SHA256:"
+ "ECDHE-RSA-AES128-GCM-SHA256:"
+ "ECDHE-ECDSA-AES256-GCM-SHA384:"
+ "ECDHE-RSA-AES256-GCM-SHA384:"
+ "ECDHE-ECDSA-CHACHA20-POLY1305:"
+ "ECDHE-RSA-CHACHA20-POLY1305:"
+ "DHE-RSA-AES128-GCM-SHA256:"
+ "DHE-RSA-AES256-GCM-SHA384:"
+ "DHE-RSA-CHACHA20-POLY1305";
if (SSL_CTX_set_cipher_list(mSslContext->native_handle(),
- mozillaModern.c_str()) != 1)
+ mozillaIntermediate) != 1)
{
BMCWEB_LOG_ERROR << "Error setting cipher list\n";
}
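Review bot: A failure of `SSL_CTX_set_cipher_list` is only logged at the `if` that closes this hunk, so the context would still be handed back with whatever cipher list it had before, presumably the library default rather than the Mozilla intermediate list. If the rest of the function (which starts and ends outside this hunk) allows it, fail closed there, e.g. `return nullptr;` after the log line, with callers refusing to serve on a null context. The new comment could also state the scope of the string: `// Applies to TLS 1.2 and below; TLS 1.3 suites are configured separately via SSL_CTX_set_ciphersuites`. The DHE-RSA entries also depend on the DH parameters and minimum protocol version set elsewhere in the function, which this hunk does not show, so it is worth confirming they match the same 5.7 guideline.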