diff options
Diffstat (limited to 'src/ssl_ciphers.c')
| -rw-r--r-- | src/ssl_ciphers.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/ssl_ciphers.c b/src/ssl_ciphers.c new file mode 100644 index 0000000..168c2bb --- /dev/null +++ b/src/ssl_ciphers.c @@ -0,0 +1,21 @@ +#include "ucspissl.h" + +int ssl_ciphers(SSL_CTX *ctx,const char *ciphers) { + int r = 0; // no cipher selected + + if (!ciphers) return -1; + +/* TLS <= 1.2 SSL_CTX_set_cipher_list() + TLS = 1.3 SSL_CTX_set_ciphersuites() [only OpenSSL here] + + see: https://community.openvpn.net/openvpn/ticket/1159 +*/ + +#if (OPENSSL_VERSION_NUMBER > 0x10101000L && !LIBRESSL_VERSION_NUMBER) // 0xmnnffppsL + if ((r = SSL_CTX_set_ciphersuites(ctx,ciphers)) == 0) +#endif + r = SSL_CTX_set_cipher_list(ctx,ciphers); // TLS < 1.3 and fallback + + return r; +} + |