Dear all,

I got it to work, and added a pull request.

Cheers,

Rutger

On 01-06-16 09:34, Rutger ter Borg wrote:
>
> Dear all,
>
> I'm using a wthttpd instance to serve a Wt app. I used
> https://www.ssllabs.com/ to test the quality of its security settings.
> So far, the highest achievable of wthttpd is an A-, because wthttpd is
> not forcing forward secrecy upon clients that do support them, but do
> not prefer them. The DH param option already helps, but is not sufficient.
>
> My guess is that wthttpd will get proper support for forward secrecy if
> server-side ciphers are preferred (and use the ones that use Ephemeral
> Diffie-Hellman, DHE). The following would fix this:
>
> Modify http/Configuration:
>
> * add a sslPreferServerCiphers() (a boolean) option
>
> Modify http/Server, around // HTTPS and int sslOptions:
>
> if ( config.sslPreferServerCiphers() ) {
>   SSL_CTX_set_options( native_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE );
> }
>
> Thanks,
>
> Rutger

_______________________________________________
witty-interest mailing list
witty-interest@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/witty-interest
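The selection behaviour the quoted message relies on, as an added example that is not part of the thread or of Wt's code: a simplified C++ model of suite selection for TLS 1.2 and earlier, with and without server preference. The suite lists are constructed samples, and `negotiate` and `forwardSecret` are hypothetical helper names.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

using SuiteList = std::vector<std::string>;

// Simplified model of TLS <= 1.2 suite selection: walk one side's list in
// preference order and take the first suite the other side also offers.
// serverPreference == true models SSL_OP_CIPHER_SERVER_PREFERENCE being set.
std::string negotiate(const SuiteList& client, const SuiteList& server,
                      bool serverPreference) {
    const SuiteList& primary = serverPreference ? server : client;
    const SuiteList& secondary = serverPreference ? client : server;
    for (const std::string& suite : primary) {
        if (std::find(secondary.begin(), secondary.end(), suite) != secondary.end())
            return suite;
    }
    return "";  // no shared suite: the handshake would fail
}

// OpenSSL names for ephemeral key-exchange suites start with DHE- or ECDHE-.
bool forwardSecret(const std::string& suite) {
    return suite.rfind("DHE-", 0) == 0 || suite.rfind("ECDHE-", 0) == 0;
}

// Constructed sample lists (assumptions, not captured from wthttpd or a browser).
// This client supports DHE but lists a static-RSA suite first.
const SuiteList kClient = {"AES128-SHA", "DHE-RSA-AES128-SHA"};
// This client offers no ephemeral suite at all.
const SuiteList kLegacyClient = {"AES128-SHA"};
// Server list with ephemeral suites first and a static-RSA fallback last.
const SuiteList kServer = {"ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA",
                           "AES128-SHA"};
// Server list with the non-ephemeral fallback removed.
const SuiteList kFsOnlyServer = {"ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA"};

int main() {
    for (bool pref : {false, true}) {
        const std::string suite = negotiate(kClient, kServer, pref);
        std::cout << "server preference " << (pref ? "on:  " : "off: ") << suite
                  << (forwardSecret(suite) ? " (forward secret)\n" : " (no forward secret)\n");
    }
    // Server preference only reorders; a client without ephemeral suites still
    // lands on static RSA unless the server drops that suite from its list.
    std::cout << "legacy client: " << negotiate(kLegacyClient, kServer, true) << "\n";
    return 0;
}
```

The legacy-client case shows that the option changes whose order wins, not which suites are allowed, so the server's cipher list still decides whether a non-ephemeral fallback exists.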