2 * nghttp2 - HTTP/2 C Library
4 * Copyright (c) 2015 Tatsuhiro Tsujikawa
6 * Permission is hereby granted, free of charge, to any person obtaining
7 * a copy of this software and associated documentation files (the
8 * "Software"), to deal in the Software without restriction, including
9 * without limitation the rights to use, copy, modify, merge, publish,
10 * distribute, sublicense, and/or sell copies of the Software, and to
11 * permit persons to whom the Software is furnished to do so, subject to
12 * the following conditions:
14 * The above copyright notice and this permission notice shall be
15 * included in all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 #include "asio_server_tls_context.h"
27 #include <openssl/ssl.h>
29 #include <boost/asio/ssl.hpp>
35 namespace asio_http2 {
// Accessor for the protocol token (NPN/ALPN wire format) that this server
// advertises. The function-local static is built exactly once, on first call,
// from util::get_default_alpn(); C++11 guarantees that initialisation is
// thread-safe, so concurrent first callers do not race on it.
// NOTE(review): this listing omits the function's return statement and closing
// brace; presumably it returns a reference to alpn_token, but that is not visible here.
39 std::vector<unsigned char> &get_alpn_token() {
40 static auto alpn_token = util::get_default_alpn();
// Applies nghttp2's server-side TLS hardening defaults to an existing
// boost::asio::ssl::context by operating directly on its native SSL_CTX.
//
// @param ec          error code handed back to the caller. Nothing in the
//                    visible body assigns it, so do not expect it to surface
//                    failures of the OpenSSL calls below (their return values
//                    are not checked here).
// @param tls_context the context to configure. Certificate/key loading is the
//                    caller's responsibility; only options, modes, cipher list,
//                    ECDH curve and protocol-negotiation callbacks are touched.
// @return ec (the return statement itself is outside the lines reproduced here).
//
// NOTE(review): this listing is elided — the jumps in the original line
// numbering drop several statements (null checks, callback arguments, closing
// braces). Read it against the full source before acting on anything below.
45 boost::system::error_code
46 configure_tls_context_easy(boost::system::error_code &ec,
47 boost::asio::ssl::context &tls_context) {
// Raw SSL_CTX* still owned by tls_context; nothing here releases it.
50 auto ctx = tls_context.native_handle();
// Protocol/option hardening. What this does and does not rule out:
//  - NO_SSLv2 / NO_SSLv3: SSL 2.0 and 3.0 are refused. TLS 1.0/1.1 are NOT
//    excluded by anything visible here; HTTP/2 mandates TLS 1.2+, so a floor
//    (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, or SSL_CTX_set_min_proto_version()
//    on OpenSSL >= 1.1.0) would have to come from elsewhere.
//  - NO_COMPRESSION: disables TLS-level compression (CRIME-class leakage).
//  - NO_SESSION_RESUMPTION_ON_RENEGOTIATION: a renegotiated handshake is
//    always a full handshake, never a resumption.
//  - SINGLE_ECDH_USE: fresh ephemeral ECDH key per handshake (forward secrecy);
//    a no-op on OpenSSL >= 1.1.0, which always behaves this way.
//  - NO_TICKET: no RFC 5077 session tickets, hence no ticket key to protect
//    or rotate.
//  - CIPHER_SERVER_PREFERENCE: the server's cipher order, not the client's,
//    decides the negotiated suite.
//  - SSL_OP_ALL: OpenSSL's bundle of interoperability bug workarounds.
52 SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
53 SSL_OP_NO_COMPRESSION |
54 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
55 SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_TICKET |
56 SSL_OP_CIPHER_SERVER_PREFERENCE);
// AUTO_RETRY: transparently retry after non-application-data records instead
// of surfacing WANT_READ/WANT_WRITE to the caller.
57 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
// RELEASE_BUFFERS: free per-connection I/O buffers while idle to cut memory
// held by many mostly-idle HTTP/2 connections.
58 SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
// Cipher-suite allow-list. The return value (0 if no cipher could be selected
// from the string) is ignored here.
60 SSL_CTX_set_cipher_list(ctx, ssl::DEFAULT_CIPHER_LIST);
// Ephemeral ECDH on P-256. EC_KEY_new_by_curve_name() can return NULL, and
// SSL_CTX_set_tmp_ecdh() does not take ownership of the key, so the EC_KEY
// must be null-checked and freed by this function. The lines between the two
// calls are not reproduced in this listing — confirm both in the full source.
62 auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
64 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
// NPN (Next Protocol Negotiation) advertisement: a capture-less lambda
// (convertible to the C callback pointer) hands OpenSSL the token from
// get_alpn_token(). The lambda's remaining body (where *data/*len would be
// filled from token), the callback's trailing arguments, and everything after
// it — including the return of ec — lie outside the lines reproduced here.
68 SSL_CTX_set_next_protos_advertised_cb(
70 [](SSL *s, const unsigned char **data, unsigned int *len, void *arg) {
71 auto &token = get_alpn_token();
76 return SSL_TLSEXT_ERR_OK;
84 } // namespace asio_http2
85 } // namespace nghttp2