[haiku-commits] haiku: hrev50422 - src/kits/network/libnetapi

  • From: waddlesplash@xxxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Sat, 16 Jul 2016 21:03:24 +0200 (CEST)

hrev50422 adds 1 changeset to branch 'master'
old head: 7cdea13cf9d765ef86793ebab86f6167ee179abf
new head: 44ffe7c28fba04f0228c7895c8f1460397ef1f21
overview: 
http://cgit.haiku-os.org/haiku/log/?qt=range&q=44ffe7c28fba+%5E7cdea13cf9d7

----------------------------------------------------------------------------

44ffe7c28fba: BSecureSocket: Explicitly set the list of ciphersuites.
  
  OpenSSL's default cipherlist has a lot of spurious and arguably insecure
  suites left in it for compatibility reasons. We have no need for all that,
  so let's just use the suites Firefox/Chrome do.

                              [ Augustin Cavalier <waddlesplash@xxxxxxxxx> ]

----------------------------------------------------------------------------

Revision:    hrev50422
Commit:      44ffe7c28fba04f0228c7895c8f1460397ef1f21
URL:         http://cgit.haiku-os.org/haiku/commit/?id=44ffe7c28fba
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Jul 16 18:47:17 2016 UTC

----------------------------------------------------------------------------

1 file changed, 18 insertions(+)
src/kits/network/libnetapi/SecureSocket.cpp | 18 ++++++++++++++++++

----------------------------------------------------------------------------

diff --git a/src/kits/network/libnetapi/SecureSocket.cpp 
b/src/kits/network/libnetapi/SecureSocket.cpp
index 6892aba..b95e37c 100644
--- a/src/kits/network/libnetapi/SecureSocket.cpp
+++ b/src/kits/network/libnetapi/SecureSocket.cpp
@@ -192,6 +192,24 @@ BSecureSocket::Private::_CreateContext()
        // Don't bother us with ERROR_WANT_READ.
        SSL_CTX_set_mode(sContext, SSL_MODE_AUTO_RETRY);
 
+       // Setup cipher suites.
+       // These suites are mostly the same ones used by Firefox 47 and Chrome 
50.
+       SSL_CTX_set_cipher_list(sContext,
+               "ECDHE-ECDSA-AES128-GCM-SHA256:"
+               "ECDHE-RSA-AES128-GCM-SHA256:"
+               "ECDHE-ECDSA-AES256-GCM-SHA384:"
+               "ECDHE-RSA-AES256-GCM-SHA384:"
+               "ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:"
+               "ECDHE-RSA-CHACHA20-POLY1305-SHA256:"
+               "ECDHE-ECDSA-AES256-SHA:"
+               "ECDHE-ECDSA-AES128-SHA:"
+               "ECDHE-RSA-AES128-SHA:"
+               "ECDHE-RSA-AES256-SHA:"
+               "DHE-RSA-AES128-SHA:"
+               "DHE-RSA-AES256-SHA:"
+               "AES128-SHA:"
+               "AES256-SHA");
+
        // Setup certificate verification
        BPath certificateStore;
        find_directory(B_SYSTEM_DATA_DIRECTORY, &certificateStore);
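
Review bot: The return value of SSL_CTX_set_cipher_list() at the new call in _CreateContext() is discarded, so a failure to apply this list goes unnoticed. The call returns 1 when at least one cipher was selected and 0 when none was; check it and fail context creation, or at least log, on 0. Names the linked OpenSSL does not recognise are skipped without error as long as one entry matches, so each string, the two CHACHA20-POLY1305 entries in particular, should be confirmed against the output of `openssl ciphers` for the bundled version. The comment says the list is "mostly the same" as Firefox 47 and Chrome 50; it would help to state which suites differ and why the last two entries, AES128-SHA and AES256-SHA (RSA key exchange, no forward secrecy), are kept.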

