mbedtls: Fix setting allowed cipher suites
[project/ustream-ssl.git] / ustream-openssl.c
index 4a3f0a2..eb03dab 100644 (file)
@@ -35,23 +35,25 @@ __ustream_ssl_context_new(bool server)
                _init = true;
        }
 
-#ifdef CYASSL_OPENSSL_H_
        if (server)
+#ifdef CYASSL_OPENSSL_H_
                m = SSLv23_server_method();
-       else
-               m = SSLv23_client_method();
 #else
-       if (server)
                m = TLSv1_2_server_method();
-       else
-               m = TLSv1_2_client_method();
 #endif
+       else
+               m = SSLv23_client_method();
 
        c = SSL_CTX_new((void *) m);
        if (!c)
                return NULL;
 
        SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
+#ifndef OPENSSL_NO_ECDH
+       SSL_CTX_set_ecdh_auto(c, 1);
+#endif
+       if (server)
+               SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
        SSL_CTX_set_quiet_shutdown(c, 1);
 
        return (void *) c;
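Review bot: The client branch now always takes `SSLv23_client_method()` (non-CyaSSL builds previously used `TLSv1_2_client_method()`), and nothing in the hunk sets a protocol floor, so which legacy versions a client will negotiate is left to the linked library's defaults. The new cipher restriction is also gated on `if (server)`, so client contexts keep the library's default list, RC4 included wherever the library still enables it. I would drop the `if (server)` in front of `SSL_CTX_set_cipher_list()` and add `SSL_CTX_set_options(c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` after `SSL_CTX_new()`, provided the CyaSSL compatibility header defines those flags. The return value of `SSL_CTX_set_cipher_list()` is ignored; it returns 0 when no cipher could be selected, and that case should free `c` and return NULL rather than fall through. The body of `__ustream_ssl_context_new` begins before the hunk, so the initialisation above line 35 of the file is not visible here.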