Hi,
The current limit on 'tls ciphers' is 255 characters which prevents using
the cipher list as recommended by
https://mozilla.github.io/server-side-tls/ssl-config-generator/
for example (clocks in just shy of 300 characters).
tls ciphers
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
results in a "ciphers too long" error.
I'm aware that 'secure' and 'compat' are available too, but perhaps
we can increase the limit a bit?
Cheers,
Jasper
Index: httpd.h
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
retrieving revision 1.138
diff -u -p -r1.138 httpd.h
--- httpd.h 20 Jun 2018 16:43:05 -0000 1.138
+++ httpd.h 17 Aug 2018 12:42:37 -0000
@@ -60,7 +60,7 @@
#define HTTPD_LOGVIS VIS_NL|VIS_TAB|VIS_CSTYLE
#define HTTPD_TLS_CERT "/etc/ssl/server.crt"
#define HTTPD_TLS_KEY "/etc/ssl/private/server.key"
-#define HTTPD_TLS_CONFIG_MAX 255
+#define HTTPD_TLS_CONFIG_MAX 512
#define HTTPD_TLS_CIPHERS "compat"
#define HTTPD_TLS_DHE_PARAMS "none"
#define HTTPD_TLS_ECDHE_CURVES "default"
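Review bot: HTTPD_TLS_CONFIG_MAX on the changed line is named for TLS configuration strings in general, not for ciphers specifically, so raising it from 255 to 512 should come with a check of every buffer and length test in httpd that uses the macro. The neighbouring HTTPD_TLS_DHE_PARAMS and HTTPD_TLS_ECDHE_CURVES defaults suggest other TLS settings may share the same bound, and any structure that embeds an array of this size grows with it, so it is worth confirming it still fits wherever it is copied or passed around. 512 is also just another fixed cap: the list in the message is close to 300 characters, so a somewhat longer list would fail with the same "ciphers too long" error. A short comment on the define stating what the limit covers, and whether it includes the terminating NUL, would help.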
--
jasper