change server side cipher selection logic
smittals2 committed Jan 23, 2025
1 parent 8442723 commit ae84e27
Showing 1 changed file with 7 additions and 1 deletion.
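--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -112,7 +112,13 @@ static int ssl_ext_supported_versions_add_serverhello(SSL_HANDSHAKE *hs,
 
 static const SSL_CIPHER *choose_tls13_cipher(const SSL *ssl) {
 STACK_OF(SSL_CIPHER) *tls13_ciphers = nullptr;
-if (ssl->ctx->tls13_cipher_list &&
+// First check config, otherwise fallback to ctx, and otherwise let client
+// preference dictate cipher selection
+if (ssl->config && ssl->config->tls13_cipher_list &&
+ssl->config->tls13_cipher_list.get()->ciphers &&
+sk_SSL_CIPHER_num(ssl->config->tls13_cipher_list.get()->ciphers.get()) > 0) {
+tls13_ciphers = ssl->config->tls13_cipher_list.get()->ciphers.get();
+} else if (ssl->ctx->tls13_cipher_list &&
 ssl->ctx->tls13_cipher_list.get()->ciphers &&
 sk_SSL_CIPHER_num(ssl->ctx->tls13_cipher_list.get()->ciphers.get()) > 0) {
 tls13_ciphers = ssl->ctx->tls13_cipher_list.get()->ciphers.get();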
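Review bot: An empty or missing per-connection list in `choose_tls13_cipher` falls through silently to the `ssl->ctx` list and then to client preference, so a caller who meant to restrict one connection gets a wider cipher set with no signal if its list ended up empty or `ssl->config` is null. Whether the setter can ever leave `ssl->config->tls13_cipher_list` empty is not visible in this hunk, so that is worth confirming; if it can, I would say so in the comment, e.g. `// An empty per-connection list is treated as unset and falls back to the ctx list.` The two branches repeat the same three-part check and could share a small helper that returns the usable stack or `nullptr`. The commit touches only this file, so a test asserting that a per-SSL list overrides the ctx list would pin the new precedence. The function body continues past the end of the hunk.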
