Google Git
Sign in
android/platform/external/libmicrohttpd/refs/heads/oreo-mr1-iot-release^!/.
commit
1e68f5d827a859ba3b7ab6a70a60247e0b96afa5
[log]
author
Alex Vakulenko <[email protected]>
Mon Sep 28 16:28:19 2015 -0700
committer
Alex Vakulenko <[email protected]>
Mon Sep 28 16:49:51 2015 -0700
tree
f4870aa1e3cef0f3e60477bc7dad546cef101409
parent
98eba18fb11e5d2d4f7cdadd03c24f69ee2bd32e [diff]
Remove GCM cipher mode requirements for fallback ciphersuites

SecureTransport of MacOS/iOS does not support GCM cipher mode with
ECDHE-ECDSA/ECDHE-RSA key-exchange algorithms even though they seem
to claim that they do. This is supposedly fixed in MacOS 10.11 but
that one is not out yet.

Using "meta" suite from BoringSSL to support strong encryption
algorithms with a bit more leeway, not just 4 we used to hardcode.

BUG: 24468826
Change-Id: Ie62a9b11584b6745848090888b7d9e1fe50e90ee

diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 40059cf..9247fba 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c

@@ -704,10 +704,7 @@
   else
     {
       ret = SSL_CTX_set_cipher_list (daemon->tls_context,
-                                     "ECDHE-ECDSA-AES128-GCM-SHA256:"
-                                     "ECDHE-ECDSA-AES256-GCM-SHA384:"
-                                     "ECDHE-RSA-AES128-GCM-SHA256:"
-                                     "ECDHE-RSA-AES256-GCM-SHA384");
+                                     "HIGH!SHA1!DH@STRENGTH");
       if (ret == 0)
          {
 #if HAVE_MESSAGES