From: Felix Morgner
Date: Thu, 26 Jan 2017 13:35:37 +0000 (+0100)
Subject: Merge pull request #103 from l2dy/patch-1
X-Git-Url: http://git.code-monkey.de/?a=commitdiff_plain;h=7da15053baaaed7f9287c1c796e04d31457cfcca;hp=dad72e93b709f61385390ece33f9bbb860b17e3e;p=umurmur.git
Merge pull request #103 from l2dy/patch-1
Hotfix TLSv1 support for mbed TLS
---
diff --git a/src/ssl.h b/src/ssl.h
index 2bb80e2..3d40283 100644
--- a/src/ssl.h
+++ b/src/ssl.h
@@ -90,7 +90,11 @@ typedef ssl_context SSL_handle_t;
 #elif defined(USE_MBEDTLS)
 #include
+#if (MBEDTLS_VERSION_MINOR > 3)
+#include
+#else
 #include
+#endif
 #include
 #if defined(MBEDTLS_VERSION_MAJOR)
diff --git a/src/ssli_openssl.c b/src/ssli_openssl.c
index 0f631d2..009119d 100644
--- a/src/ssli_openssl.c
+++ b/src/ssli_openssl.c
@@ -49,7 +49,7 @@ static RSA *rsa;
 static SSL_CTX *context;
 static EVP_PKEY *pkey;
-static char const * ciphers = "EECDH+AESGCM:AES256-SHA:AES128-SHA";
+static char const * ciphers = "EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES+TLSv1.2:EECDH+AES:AESGCM:AES:!aNULL:!DHE:!kECDH";
 static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
@@ -225,6 +225,7 @@ void SSLi_init(void)
 context = SSL_CTX_new(SSLv23_server_method());
 SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
 SSL_CTX_set_options(context, SSL_OP_NO_SSLv3);
+ SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
 if (context == NULL)
 {
 ERR_print_errors_fp(stderr);
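Review bot: The new guard in src/ssl.h, `#if (MBEDTLS_VERSION_MINOR > 3)`, tests only the minor number, so any release whose minor version is 3 or lower selects the `#else` header whatever its major version is. It also relies on the version macros being defined at that point: an undefined macro evaluates to 0 inside `#if` and silently takes the `#else` branch, and the include targets are not visible in this view, so I cannot confirm that the version header is included first. Comparing the combined version value is more robust, for example `#if (MBEDTLS_VERSION_NUMBER >= 0x02040000)` if 2.4.0 is the intended cutoff, placed after the version header. The enclosing `#elif defined(USE_MBEDTLS)` block continues outside the hunk.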
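Review bot: The new `ciphers` string in src/ssli_openssl.c is the server's entire cipher policy, yet it has no comment explaining its ordering or its exclusions. After the ECDHE groups it ends with the bare `AESGCM:AES` selectors, which, as I read OpenSSL's cipher-list syntax, also admit RSA key-exchange suites without forward secrecy; that looks like a deliberate fallback for older clients, but it should be stated. A comment above the declaration would do, such as `/* Preference order: ECDHE suites first; plain AES suites last as a legacy fallback; anonymous, DHE and static-ECDH suites excluded. */`. It is also worth checking the expansion with `openssl ciphers -v` on the oldest OpenSSL release the project supports, since the set of recognised keywords may differ between releases.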
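Review bot: The added `SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);` in SSLi_init is a third call that uses `context` before the `if (context == NULL)` check visible just below it, so a failed `SSL_CTX_new()` would be passed to the option calls before the error path runs. Moving the option setup after the NULL check fixes that, and the three calls can be merged into one: `SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE);`. SSLi_init starts above the hunk and the body of the NULL check continues below it, so what the error path does is not visible here.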