- "`access-log`": "filepath" sets where apache-compatible access logs will be written
+ - "`ciphers`": "<cipher list>" sets the allowed list of ciphers and key exchange protocols for the vhost. The default list is restricted to only those providing PFS (Perfect Forward Secrecy) on the author's Fedora system.
+
+ If you need to allow weaker ciphers,you can provide an alternative list here per-vhost.
+
+ - "`ecdh-curve`": "<curve name>" The default ecdh curve is "prime256v1", but you can override it here, per-vhost
+
Mounts
------
"vhosts[].ws-protocols[].*",
"vhosts[].ws-protocols[]",
"vhosts[].keepalive_timeout",
+ "vhosts[].ciphers",
+ "vhosts[].ecdh-curve",
};
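Review bot: Nothing visible in this hunk ties the two new path strings to `LEJPVP_CIPHERS` and `LEJPVP_ECDH_CURVE`; the table and `enum lejp_vhost_paths` appear to be matched purely by position. An entry inserted in one and not the other would silently route a cipher list or curve name to the wrong setting. Consider a comment above the table such as `/* order must match enum lejp_vhost_paths */`. If the enum has a usable last member, a compile-time check that the array length equals the enum count would enforce it. Both the array and the enum begin outside the visible lines, so the current alignment could not be confirmed here.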
enum lejp_vhost_paths {
LEJPVP_PROTOCOL_NAME,
LEJPVP_PROTOCOL,
LEJPVP_KEEPALIVE_TIMEOUT,
+ LEJPVP_CIPHERS,
+ LEJPVP_ECDH_CURVE,
};
#define MAX_PLUGIN_DIRS 10
case LEJPVP_KEEPALIVE_TIMEOUT:
a->info->keepalive_timeout = atoi(ctx->buf);
return 0;
+ case LEJPVP_CIPHERS:
+ a->info->ssl_cipher_list = a->p;
+ break;
+ case LEJPVP_ECDH_CURVE:
+ a->info->ecdh_curve = a->p;
+ break;
case LEJPVP_CGI_ENV:
mp_cgienv = lwsws_align(a);
a->p += sizeof(*a->m.cgienv);
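Review bot: The new `LEJPVP_CIPHERS` and `LEJPVP_ECDH_CURVE` cases store `a->p` in `info` before anything has been written there. `ssl_cipher_list` and `ecdh_curve` are therefore only valid if the code after the `switch` (outside this hunk) copies `ctx->buf` to `a->p` and NUL-terminates it. If that copy can truncate when the arena is nearly full, or if this callback also runs for partial string chunks, the vhost would get a shortened cipher string. For a TLS policy setting that should fail the config parse rather than silently change what is negotiated. A comment on both cases such as `/* value is copied to a->p by the common string handling after the switch */` would document the dependency, and the truncation behaviour of that shared copy should be confirmed. The `switch` starts and ends outside the hunk.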