Add "SSLHonorCipherOrder" directive to enable the OpenSSL 0.9.7 flag

which uses the server's cipher preference order rather than the client's. * modules/ssl/ssl_private.h (struct SSLSrvConfigRec): Add cipher_server_pref field. * modules/ssl/ssl_engine_config.c (ssl_config_server_create, ssl_config_server_merge): Initialize and merge cipher_server_pref field. (ssl_cmd_SSLHonorCipherOrder): New function. * modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Set the context option SSL_OP_CIPHER_SERVER_PREFERENCE when required. PR: 28665 Submitted by: Jim Shneider <jschneid netilla.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103832 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2004-06-03 13:03:08 +00:00
parent 0e522dcda8
commit e9ef262085
5 changed files with 31 additions and 0 deletions
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -428,6 +428,15 @@ static void ssl_init_ctx_protocol(server_rec *s,
        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
    }

+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+    {
+        SSLSrvConfigRec *sc = mySrvConfig(s);
+        if (sc->cipher_server_pref == TRUE) {
+            SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+        }
+    }
+#endif
+
    SSL_CTX_set_app_data(ctx, s);

    /*