X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssli_openssl.c;h=8ff1bcf41400c02eaef71e85b0a7463e8aff27dd;hb=df8ef01c17eb187a969ca66e749d5a5837df0c3f;hp=0f631d20276a2c1dc0cca6ae5a085c95cdc53e87;hpb=779660334a7291f4918e313a78ed48f4d3d6e0a5;p=umurmur.git

diff --git a/src/ssli_openssl.c b/src/ssli_openssl.c
index 0f631d2..8ff1bcf 100644
--- a/src/ssli_openssl.c
+++ b/src/ssli_openssl.c
@@ -49,7 +49,7 @@ static RSA *rsa;
 static SSL_CTX *context;
 static EVP_PKEY *pkey;
 
-static char const * ciphers = "EECDH+AESGCM:AES256-SHA:AES128-SHA";
+static char const * ciphers = "EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES+TLSv1.2:EECDH+AES:AESGCM:AES:!aNULL:!DHE:!kECDH";
 
 static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
 
@@ -225,6 +225,7 @@ void SSLi_init(void)
 	context = SSL_CTX_new(SSLv23_server_method());
 	SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
 	SSL_CTX_set_options(context, SSL_OP_NO_SSLv3);
+	SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
 	if (context == NULL)
 	{
 		ERR_print_errors_fp(stderr);
@@ -410,7 +411,7 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
      * it for something special
      */
     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
-	    X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+	    X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
 	    Log_warn("issuer= %s", buf);
     }
     return 1;