From 5fc551d620bb353dbac68fe4d23da12784575118 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Sat, 15 Feb 2020 21:35:40 +0100 Subject: tls: support specifying accepted TLS ciphers Introduce a new `-P` option which allows specifying a colon separated list of accepted TLS ciphers. Depending on the underlying ustream-ssl provider, the list either follows OpenSSL's cipher string format or, in case of mbedTLS, is a simple colon separated cipher whitelist. Signed-off-by: Jo-Philipp Wich --- tls.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'tls.c')
diff --git a/tls.c b/tls.c
index d969b82..1da0881 100644
--- a/tls.c
+++ b/tls.c
@@ -31,7 +31,7 @@ static struct ustream_ssl_ops *ops;
 static void *dlh;
 static void *ctx;
 
-int uh_tls_init(const char *key, const char *crt)
+int uh_tls_init(const char *key, const char *crt, const char *ciphers)
 {
 	static bool _init = false;
 
@@ -63,6 +63,11 @@ int uh_tls_init(const char *key, const char *crt)
 		return -EINVAL;
 	}
 
+	if (ciphers && ops->context_set_ciphers(ctx, ciphers)) {
+		fprintf(stderr, "No recognized ciphers in cipher list\n");
+		return -EINVAL;
+	}
+
 	return 0;
 }
-- cgit v1.2.3
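Review bot: The new check in the second hunk calls `ops->context_set_ciphers` without first verifying that the loaded provider supplies that callback; the `ops` and `dlh` globals at the top of the first hunk suggest the ustream-ssl backend is loaded dynamically, so an older library that predates this entry point would leave the pointer NULL and passing `-P` would crash uhttpd instead of refusing to start. Guarding it as `if (ciphers && (!ops->context_set_ciphers || ops->context_set_ciphers(ctx, ciphers))) {` keeps the fail-closed behaviour in both cases, and a separate message such as "TLS provider does not support cipher selection" would tell the operator why the restriction could not be applied rather than silently serving with the default cipher set. The error text also presumes the only failure is an unrecognised cipher, yet the commit message notes that mbedTLS takes a whitelist while OpenSSL parses a cipher string, so a neutral `"Failed to set TLS cipher list\n"` avoids misleading diagnostics for provider-specific failures. The body of uh_tls_init between the two hunks (context creation and the earlier -EINVAL return) lies outside the hunk, so whether the partially initialised context is released on this new early return cannot be judged from here.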