Remove GCM cipher mode requirements for fallback ciphersuites
SecureTransport of MacOS/iOS does not support GCM cipher mode with
ECDHE-ECDSA/ECDHE-RSA key-exchange algorithms even though they seem
to claim that they do. This is supposedly fixed in MacOS 10.11 but
that one is not out yet.
Using "meta" suite from BoringSSL to support strong encryption
algorithms with a bit more leeway, not just 4 we used to hardcode.
BUG: 24468826
Change-Id: Ie62a9b11584b6745848090888b7d9e1fe50e90ee
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 40059cf..9247fba 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -704,10 +704,7 @@
else
{
ret = SSL_CTX_set_cipher_list (daemon->tls_context,
- "ECDHE-ECDSA-AES128-GCM-SHA256:"
- "ECDHE-ECDSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES256-GCM-SHA384");
+ "HIGH!SHA1!DH@STRENGTH");
if (ret == 0)
{
#if HAVE_MESSAGES