byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: respect the order of specified ciphers.

Browse Source 
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
This commit is contained in:
Tom Li 2015-02-02 17:37:15 +08:00
parent 262857b1cb
commit e6ee356925
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/tls
View File

@ -94,7 +94,8 @@ sub init {
SSL_key_file => $self->tls_key, SSL_key_file => $self->tls_key,
SSL_ca_file => $self->tls_ca, SSL_ca_file => $self->tls_ca,
SSL_cipher_list => $self->tls_ciphers, SSL_cipher_list => $self->tls_ciphers,
SSL_server => 1 SSL_server => 1,
SSL_honor_cipher_order => 1
) )
or die "Could not create SSL context: $!"; or die "Could not create SSL context: $!";
@ -195,6 +196,7 @@ sub _convert_to_ssl {
SSL_cipher_list => $self->tls_ciphers, SSL_cipher_list => $self->tls_ciphers,
SSL_server => 1, SSL_server => 1,
SSL_reuse_ctx => $self->ssl_context, SSL_reuse_ctx => $self->ssl_context,
SSL_honor_cipher_order => 1
) )
or die "Could not create SSL socket: $!"; or die "Could not create SSL socket: $!";
@ -295,6 +297,7 @@ sub upgrade_socket {
SSL_startHandshake => 0, SSL_startHandshake => 0,
SSL_server => 1, SSL_server => 1,
SSL_reuse_ctx => $sp->ssl_context, SSL_reuse_ctx => $sp->ssl_context,
SSL_honor_cipher_order => 1
} }
) )
or die "Could not upgrade socket to SSL: $!"; or die "Could not upgrade socket to SSL: $!";