test server allow only best quality ciphers

author Andy Green <andy.green@linaro.org>

Thu, 18 Feb 2016 11:20:02 +0000 (19:20 +0800)

committer Andy Green <andy.green@linaro.org>

Thu, 18 Feb 2016 11:27:08 +0000 (19:27 +0800)
author Andy Green <andy.green@linaro.org>
Thu, 18 Feb 2016 11:20:02 +0000 (19:20 +0800)
committer Andy Green <andy.green@linaro.org>
Thu, 18 Feb 2016 11:27:08 +0000 (19:27 +0800)
diff --git a/test-server/test-server.c b/test-server/test-server.c

index eebab29..fe80a34 100644 (file)
--- a/test-server/test-server.c
+++ b/test-server/test-server.c
@@ -321,6 +321,19 @@ int main(int argc, char **argv)
         info.max_http_header_pool = 1;
         info.options = opts | LWS_SERVER_OPTION_VALIDATE_UTF8;
         info.extensions = exts;
+       info.ssl_cipher_list = "ECDHE-ECDSA-AES256-GCM-SHA384:"
+                              "ECDHE-RSA-AES256-GCM-SHA384:"
+                              "DHE-RSA-AES256-GCM-SHA384:"
+                              "ECDHE-RSA-AES256-SHA384:"
+                              "HIGH:!aNULL:!eNULL:!EXPORT:"
+                              "!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:"
+                              "!SHA1:!DHE-RSA-AES128-GCM-SHA256:"
+                              "!DHE-RSA-AES128-SHA256:"
+                              "!AES128-GCM-SHA256:"
+                              "!AES128-SHA256:"
+                              "!DHE-RSA-AES256-SHA256:"
+                              "!AES256-GCM-SHA384:"
+                              "!AES256-SHA256";
         context = lws_create_context(&info);
         if (context == NULL) {
                 lwsl_err("libwebsocket init failed\n");
author	Andy Green <andy.green@linaro.org>
	Thu, 18 Feb 2016 11:20:02 +0000 (19:20 +0800)
committer	Andy Green <andy.green@linaro.org>
	Thu, 18 Feb 2016 11:27:08 +0000 (19:27 +0800)