|
| From: | Erik Smith |
| Subject: | Re: [libmicrohttpd] Configuring ciphers |
| Date: | Mon, 21 Jun 2021 13:24:59 -0700 |
Hello Erik,
MHD generally relies on GnuTLS for handling everything related to TLS
(and SSL). All recent versions of GnuTLS have SSL3.0 disabled by
default, so you don't need to do anything to disable SSL3.0 (as it is
already disabled).
However you can provide your own ciphers preferences by
MHD_OPTION_HTTPS_PRIORITIES. Provided value will be used with
gnutls_priority_init().
See https://gnutls.org/manual/html_node/Priority-Strings.html for details.
--
Wishes,
Evgeny
On 19.06.2021 17:46, Erik Smith wrote:
> The security folks flagged our server for accepting SSL 3.0 ciphers that
> it shouldn't. I'm not sure about the proper way to configure this for
> MHD. I thought I saw a function at one pont that passes config info to
> gnuTLS but I can't find it. This is how operations configures
> NGINIX to solve the problem:
>
> ssl_protocols TLSv1.2;
> ssl_prefer_server_ciphers on;
> ssl_ciphers
> "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:AES256+AESGCM:!MD5";
>
>
| [Prev in Thread] | Current Thread | [Next in Thread] |