[LEDE-DEV] [PATCH 2/2] ustream-ssl: Disable RC4 for TLS connections.

Rosen Penev Fri, 30 Mar 2018 15:15:07 -0700

When used with LuCI, SSLlabs complains that RC4 is insecure and thus caps the 
score to a B.


I believe RC4 is compile-time enabled for non-TLS related reasons.

Signed-off-by: Rosen Penev <ros...@gmail.com>
---
 ustream-openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ustream-openssl.c b/ustream-openssl.c
index 0f51b9d..ae5517b 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -52,7 +52,7 @@ __ustream_ssl_context_new(bool server)
 #ifndef OPENSSL_NO_ECDH
        SSL_CTX_set_ecdh_auto(c, 1);
 #endif
-       SSL_CTX_set_cipher_list(c, "ECDHE:ALL");
+       SSL_CTX_set_cipher_list(c, "ECDHE:!RC4:ALL");
        SSL_CTX_set_quiet_shutdown(c, 1);
 
        return (void *) c;
-- 
2.16.3


_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

[LEDE-DEV] [PATCH 2/2] ustream-ssl: Disable RC4 for TLS connections.

Reply via email to