Diffstat (limited to 'include')
-rw-r--r-- | include/ssl_key_handler.hpp | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index bb2600c49c..db61db9f83 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -459,18 +459,20 @@ inline std::shared_ptr<boost::asio::ssl::context>
 BMCWEB_LOG_ERROR << "Error setting tmp ecdh list\n";
 }
- std::string mozillaModern = "ECDHE-ECDSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-ECDSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-CHACHA20-POLY1305:"
- "ECDHE-RSA-CHACHA20-POLY1305:"
- "DHE-RSA-AES128-GCM-SHA256:"
- "DHE-RSA-AES256-GCM-SHA384:"
- "DHE-RSA-CHACHA20-POLY1305";
+ // Mozilla intermediate cipher suites v5.7
+ // Sourced from: https://ssl-config.mozilla.org/guidelines/5.7.json
+ const char* mozillaIntermediate = "ECDHE-ECDSA-AES128-GCM-SHA256:"
+ "ECDHE-RSA-AES128-GCM-SHA256:"
+ "ECDHE-ECDSA-AES256-GCM-SHA384:"
+ "ECDHE-RSA-AES256-GCM-SHA384:"
+ "ECDHE-ECDSA-CHACHA20-POLY1305:"
+ "ECDHE-RSA-CHACHA20-POLY1305:"
+ "DHE-RSA-AES128-GCM-SHA256:"
+ "DHE-RSA-AES256-GCM-SHA384:"
+ "DHE-RSA-CHACHA20-POLY1305";
 if (SSL_CTX_set_cipher_list(mSslContext->native_handle(),
- mozillaModern.c_str()) != 1)
+ mozillaIntermediate) != 1)
 {
 BMCWEB_LOG_ERROR << "Error setting cipher list\n";
 }
|
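Review bot: When `SSL_CTX_set_cipher_list` fails, the branch at the end of this hunk only logs "Error setting cipher list" and execution carries on, so the context would presumably keep OpenSSL's default cipher list instead of the Mozilla intermediate set named in the new comment. A TLS policy that cannot be applied should fail closed: if callers tolerate a null context, add `return nullptr;` after the log line, and consider the same for the "Error setting tmp ecdh list" branch just above. The function body starts and ends outside the hunk, so how callers treat a null return needs confirming before that change. The new comment could also state the string's scope, e.g. `// Applies to TLS 1.2 and below; TLS 1.3 suites are set via SSL_CTX_set_ciphersuites()`, since the intermediate profile lists TLS 1.3 suites that this call does not control.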