commit | 53ae85c38e1d70634d06ea0958c17bb5b49d05b7
---|---
author | Lukas Tribus <luky-37@hotmail.com>, Thu May 04 15:45:40 2017 +0000
committer | Willy Tarreau <w@1wt.eu>, Fri May 12 15:49:04 2017 +0200
tree | 501fa0411ec256e88570de8c89a5bb95f128e7d3
parent | f494977bc1a361c26f8cc0516366ef2662ac9502
MINOR: ssl: add prefer-client-ciphers

Currently we unconditionally set SSL_OP_CIPHER_SERVER_PREFERENCE [1], which may not always be a good thing.

The benefit of server side cipher prioritization may not apply to all cases out there, and it appears that the various SSL libs are going away from this recommendation ([2], [3]), as insecure cipher suites are properly blacklisted/removed and honoring the client's preference is more likely to improve user experience (for example using SW-friendly ciphers on devices without HW AES support). This is especially true for TLSv1.3, which will restrict the cipher suites to just AES-GCM and Chacha20/Poly1305.

Apache [4], nginx [5] and others give admins full flexibility, we should as well.

The initial proposal to change the current default and add a "prefer-server-ciphers" option (as implemented in e566ecb) has been declined due to the possible security impact. This patch implements prefer-client-ciphers without changing the defaults.

[1] https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html
[2] https://github.com/openssl/openssl/issues/541
[3] https://github.com/libressl-portable/portable/issues/66
[4] https://httpd.apache.org/docs/2.0/en/mod/mod_ssl.html#sslhonorcipherorder
[5] https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers
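The commit message describes the effect of SSL_OP_CIPHER_SERVER_PREFERENCE only in words. The following is an added example, not HAProxy or OpenSSL code, that simulates the one thing the flag changes in a TLS 1.2-style negotiation: whose ordered cipher list is walked first when picking the suite. The cipher lists are constructed sample data using OpenSSL's suite names; the clients are hypothetical (one without AES acceleration that ranks ChaCha20 first, one with AES-NI that ranks AES-GCM first, and one offering only suites the server has not enabled). The point a defender should take from it is that honoring the client's order never widens the set of suites that can be negotiated: the server's own list still bounds the outcome, and with no overlap the handshake fails either way.

```python
# Added example (not HAProxy or OpenSSL code): simulate cipher suite selection
# with the server's order honored (SSL_OP_CIPHER_SERVER_PREFERENCE set, which
# the commit message says was HAProxy's unconditional behaviour) versus the
# client's order honored (the behaviour prefer-client-ciphers enables).

from typing import Optional, Sequence

# Constructed sample data: the suites the server operator has enabled, in the
# operator's order of preference (names follow OpenSSL's cipher naming).
SERVER_CIPHERS = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
]

# Hypothetical client on a CPU without AES acceleration: ChaCha20 is cheaper
# for it in software, so it lists that suite first.
CLIENT_NO_AESNI = [
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
]

# Hypothetical client with AES-NI: AES-GCM is the fast path, listed first.
CLIENT_AESNI = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
]

# Hypothetical legacy client offering only suites the server did not enable.
CLIENT_LEGACY = [
    "AES128-SHA",
    "DES-CBC3-SHA",
]


def select_cipher(server: Sequence[str], client: Sequence[str],
                  prefer_server: bool) -> Optional[str]:
    """Return the suite a server would pick, or None if there is no overlap.

    With prefer_server=True the server's list is walked in order and the first
    suite the client also offered wins; with prefer_server=False the client's
    list is walked instead. Either way a suite must appear in BOTH lists, so
    the server's configuration remains the upper bound on what is negotiated.
    """
    preferred, other = (server, client) if prefer_server else (client, server)
    allowed = set(other)
    for suite in preferred:
        if suite in allowed:
            return suite
    return None  # no common suite: the real handshake would be aborted


def compare(client: Sequence[str]) -> dict:
    """Show the outcome for one client under both preference modes."""
    return {
        "server_preference": select_cipher(SERVER_CIPHERS, client, True),
        "client_preference": select_cipher(SERVER_CIPHERS, client, False),
    }


if __name__ == "__main__":
    for name, client in (("no AES-NI", CLIENT_NO_AESNI),
                         ("AES-NI", CLIENT_AESNI),
                         ("legacy only", CLIENT_LEGACY)):
        print(name, compare(client))
```

Running the block shows the client without AES acceleration getting AES-GCM under server preference but ChaCha20-Poly1305 under client preference, the AES-NI client getting AES-GCM in both modes, and the legacy-only client getting nothing in both modes. That last case is why the option is a preference knob rather than a security knob: what can be negotiated is decided by the suites the server enables, not by whose order is honored.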