diff options
author | Todd Short <tshort@akamai.com> | 2015-12-21 15:19:29 -0500 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-11-30 07:13:08 +1000 |
commit | e1c7871de80029b81824df4d59edc6de5293835f (patch) | |
tree | 8b5e34751cbc70493dbbb36cddaf7f85cd943ccd /include | |
parent | 92b1b9a8871530f26ef7df972111297ffa721be2 (diff) |
Use ChaCha only if prioritized by clnt
IFF the client has ChaCha first, and server cipher priority is used,
and the new SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE option is used,
then reprioritize ChaCha above everything else. This way, A matching
ChaCha cipher will be selected if there is a match. If no ChaCha ciphers
match, then the other ciphers are used.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4436)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 176425a61d..a5251b59cc 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -338,6 +338,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* Disable encrypt-then-mac */ # define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U +/* Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ +# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U /* * Set on servers to choose the cipher according to the server's preferences */ |