When used with LuCI, SSLlabs complains that RC4 is insecure and thus caps the score to a B.
I believe RC4 is compile-time enabled for non-TLS related reasons. Signed-off-by: Rosen Penev <ros...@gmail.com> --- ustream-openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ustream-openssl.c b/ustream-openssl.c index 0f51b9d..ae5517b 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -52,7 +52,7 @@ __ustream_ssl_context_new(bool server) #ifndef OPENSSL_NO_ECDH SSL_CTX_set_ecdh_auto(c, 1); #endif - SSL_CTX_set_cipher_list(c, "ECDHE:ALL"); + SSL_CTX_set_cipher_list(c, "ECDHE:!RC4:ALL"); SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c; -- 2.16.3 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev