ustream-ssl: Remove RC4 from ciphersuite in server mode.

SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

diff --git a/ustream-openssl.c b/ustream-openssl.c
index 2faa8557fbb32384aceb3b8346b404eebf2cba56..eb03dab1ac1dd08f4db5901d56c852d6607ce4fc 100644 (file)
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server)
 #ifndef OPENSSL_NO_ECDH
        SSL_CTX_set_ecdh_auto(c, 1);
 #endif
+       if (server)
+               SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
        SSL_CTX_set_quiet_shutdown(c, 1);
 
        return (void *) c;