Updated Branches: refs/heads/master 909319c7c -> e90fc25b8
TS-2370: SSL proxy.config.ssl.server.honor_cipher_order is backwards Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/e90fc25b Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/e90fc25b Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/e90fc25b Branch: refs/heads/master Commit: e90fc25b866da93124a549618f7ce7a925ddbd4f Parents: 909319c Author: Bryan Call <[email protected]> Authored: Mon Jan 6 11:21:03 2014 -0800 Committer: Bryan Call <[email protected]> Committed: Mon Jan 6 11:21:03 2014 -0800 ---------------------------------------------------------------------- iocore/net/SSLConfig.cc | 2 +- mgmt/RecordsConfig.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e90fc25b/iocore/net/SSLConfig.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 8493766..e35bd58 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -156,7 +156,7 @@ SSLConfigParams::initialize() ssl_ctx_options |= SSL_OP_NO_TLSv1_2; #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE REC_ReadConfigInteger(options, "proxy.config.ssl.server.honor_cipher_order"); - if (!options) + if (options) ssl_ctx_options |= SSL_OP_CIPHER_SERVER_PREFERENCE; #endif http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e90fc25b/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 22161cc..26c9410 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1235,7 +1235,7 @@ RecordElement RecordsConfig[] = { , {RECT_CONFIG, "proxy.config.ssl.server.cipher_suite", RECD_STRING, "RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.server.honor_cipher_order", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} + {RECT_CONFIG, "proxy.config.ssl.server.honor_cipher_order", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.server_port", RECD_INT, "-1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-65535]", RECA_NULL} ,
