Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 926594f60627c7727befb15c50eb7680f30948a4
commit926594f60627c7727befb15c50eb7680f30948a4[log] [tgz]
authorLukas Tribus <lukas@ltri.eu>Fri May 18 17:55:57 2018 +0200
committerWilly Tarreau <w@1wt.eu>Wed May 23 16:55:15 2018 +0200
tree940abcebd25a1e6e384acfa7a4e10d4af7064bdb
parent8a16fe0d053b93c00a8bcf86159135f98ca1377e [diff]
MINOR: ssl: set SSL_OP_PRIORITIZE_CHACHA

Sets OpenSSL 1.1.1's SSL_OP_PRIORITIZE_CHACHA unconditionally, as per [1]:

When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize
ChaCha20-Poly1305 ciphers to the top of the server cipher list if a
ChaCha20-Poly1305 cipher is at the top of the client cipher list. This
helps those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher
is anywhere in the server cipher list; but still allows other clients to
use AES and other ciphers. Requires SSL_OP_CIPHER_SERVER_PREFERENCE.

[1] https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_clear_options.html
2 files changed
tree: 940abcebd25a1e6e384acfa7a4e10d4af7064bdb
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. scripts/
  7. src/
  8. tests/
  9. .gitignore
  10. CHANGELOG
  11. CONTRIBUTING
  12. LICENSE
  13. MAINTAINERS
  14. Makefile
  15. README
  16. ROADMAP
  17. SUBVERS
  18. VERDATE
  19. VERSION