From 922f68c85e6c3cfc226b72d961127f6c1436988d Mon Sep 17 00:00:00 2001
From: Andy Green <andy.green@linaro.org>
Date: Thu, 18 Feb 2016 19:20:02 +0800
Subject: [PATCH] test server allow only best quality ciphers

Signed-off-by: Andy Green <andy.green@linaro.org>
---
 test-server/test-server.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/test-server/test-server.c b/test-server/test-server.c
index eebab293b..fe80a3419 100644
--- a/test-server/test-server.c
+++ b/test-server/test-server.c
@@ -321,6 +321,19 @@ int main(int argc, char **argv)
 	info.max_http_header_pool = 1;
 	info.options = opts | LWS_SERVER_OPTION_VALIDATE_UTF8;
 	info.extensions = exts;
+	info.ssl_cipher_list = "ECDHE-ECDSA-AES256-GCM-SHA384:"
+			       "ECDHE-RSA-AES256-GCM-SHA384:"
+			       "DHE-RSA-AES256-GCM-SHA384:"
+			       "ECDHE-RSA-AES256-SHA384:"
+			       "HIGH:!aNULL:!eNULL:!EXPORT:"
+			       "!DES:!MD5:!PSK:!RC4:!HMAC_SHA1:"
+			       "!SHA1:!DHE-RSA-AES128-GCM-SHA256:"
+			       "!DHE-RSA-AES128-SHA256:"
+			       "!AES128-GCM-SHA256:"
+			       "!AES128-SHA256:"
+			       "!DHE-RSA-AES256-SHA256:"
+			       "!AES256-GCM-SHA384:"
+			       "!AES256-SHA256";
 	context = lws_create_context(&info);
 	if (context == NULL) {
 		lwsl_err("libwebsocket init failed\n");