From 1087d4df2a7342d2832ba3bab1843bf4a3040775 Mon Sep 17 00:00:00 2001
From: Jannis Hoffmann <jannis@fehcom.de>
Date: Sun, 14 Jul 2024 21:28:19 +0200
Subject: add version 0.12.10

---
 src/ssl_ciphers.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 src/ssl_ciphers.c

(limited to 'src/ssl_ciphers.c')

diff --git a/src/ssl_ciphers.c b/src/ssl_ciphers.c
new file mode 100644
index 0000000..168c2bb
--- /dev/null
+++ b/src/ssl_ciphers.c
@@ -0,0 +1,21 @@
+#include "ucspissl.h"
+
+int ssl_ciphers(SSL_CTX *ctx,const char *ciphers) {
+  int r = 0;  // no cipher selected
+
+  if (!ciphers) return -1;
+
+/* TLS <= 1.2		SSL_CTX_set_cipher_list()	
+   TLS  = 1.3		SSL_CTX_set_ciphersuites() [only OpenSSL here]
+
+   see: https://community.openvpn.net/openvpn/ticket/1159
+*/
+
+#if (OPENSSL_VERSION_NUMBER > 0x10101000L && !LIBRESSL_VERSION_NUMBER) // 0xmnnffppsL
+  if ((r = SSL_CTX_set_ciphersuites(ctx,ciphers)) == 0)
+#endif
+    r = SSL_CTX_set_cipher_list(ctx,ciphers);   // TLS < 1.3 and fallback
+  
+  return r;  
+}
+
-- 
cgit v1.2.3