diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c index c06557ed..96011133 100644 --- a/lib/libwebsockets.c +++ b/lib/libwebsockets.c @@ -2731,6 +2731,7 @@ libwebsocket_create_context(int port, const char *interf, SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_COMPRESSION); SSL_CTX_set_options(context->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + SSL_CTX_set_cipher_list(context->ssl_ctx, CIPHERS_LIST_STRING); /* client context */ @@ -2751,6 +2752,7 @@ libwebsocket_create_context(int port, const char *interf, SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_NO_COMPRESSION); SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + SSL_CTX_set_cipher_list(context->ssl_client_ctx, CIPHERS_LIST_STRING); /* openssl init for cert verification (for client sockets) */ if (!ssl_ca_filepath) { diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h index a5a11a7f..baf2a815 100644 --- a/lib/private-libwebsockets.h +++ b/lib/private-libwebsockets.h @@ -129,6 +129,7 @@ void debug(const char *format, ...) #define LWS_MAX_EXTENSIONS_ACTIVE 10 #define SPEC_LATEST_SUPPORTED 13 #define AWAITING_TIMEOUT 5 +#define CIPHERS_LIST_STRING "DEFAULT" #define MAX_WEBSOCKET_04_KEY_LEN 128 #define SYSTEM_RANDOM_FILEPATH "/dev/urandom"