authorSebastian Benoit <benno@cvs.openbsd.org>2015-10-27 12:27:55 +0000
committerSebastian Benoit <benno@cvs.openbsd.org>2015-10-27 12:27:55 +0000
commitcb851e7900bc120d57dea5adb05638683e36248e (patch)
tree1ccf2ef3d68011061b4b1875d76c6b219159ab86
parent6584c4f1e7c5c1d4db003396d988218bf0a3e4ac (diff)
change cipher-server-preference to be on by default. It can be disabled with
"no cipher-server-preference". This makes more clients select ciphers with pfs. requested and ok by reyk@
-rw-r--r--usr.sbin/relayd/relayd.conf.56
-rw-r--r--usr.sbin/relayd/relayd.h4
2 files changed, 5 insertions, 5 deletions
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index bdb6cd31e59..60411785064 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.166 2015/10/24 11:37:17 benno Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.167 2015/10/27 12:27:54 benno Exp $
.\"
.\" Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: October 24 2015 $
+.Dd $Mdocdate: October 27 2015 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
@@ -934,7 +934,7 @@ for information about SSL/TLS cipher suites and preference lists.
.It Oo Ic no Oc Ic cipher-server-preference
Prefer the server's cipher list over the client's preferences when
choosing a cipher for the connection;
-disabled by default.
+enabled by default.
.It Oo Ic no Oc Ic client-renegotiation
Allow client-initiated renegotiation;
enabled by default.
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 3c7dc89add2..d48581240d9 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.214 2015/08/21 08:45:51 yasuoka Exp $ */
+/* $OpenBSD: relayd.h,v 1.215 2015/10/27 12:27:54 benno Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -676,7 +676,7 @@ TAILQ_HEAD(relay_rules, relay_rule);
#define TLSFLAG_CIPHER_SERVER_PREF 0x20
#define TLSFLAG_CLIENT_RENEG 0x40
#define TLSFLAG_DEFAULT \
- (TLSFLAG_TLSV1_2|TLSFLAG_CLIENT_RENEG)
+ (TLSFLAG_TLSV1_2|TLSFLAG_CIPHER_SERVER_PREF|TLSFLAG_CLIENT_RENEG)
#define TLSFLAG_BITS \
"\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2" \
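Review bot: TLSFLAG_DEFAULT now enables server cipher ordering for every relay that does not say otherwise, but nothing at the definition records that or how to opt out. A short comment above the macro would help, e.g. `/* cipher-server-preference is on by default; "no cipher-server-preference" clears it */`. The benefit the commit message cites (more clients ending up on PFS suites) only holds if the server's cipher list puts forward-secret suites first, and that list is not visible in this hunk, so the ordering of the default cipher string should be checked. Because the commit touches only relayd.conf.5 and relayd.h, the `no` form presumably already clears TLSFLAG_CIPHER_SERVER_PREF in the parser; that is worth confirming, since before this change the negated form had nothing to clear from the default. The TLSFLAG_BITS definition continues past the end of the hunk.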