|Title:||support of openssl options in tls:init|
|Last Modified:||2021-09-29 08:42:00|
|Version Found In:||1.7.22|
anonymous added on 2021-09-29 08:34:09:
In some cases it is required to change openssl options running tcltls. There may be more and other options as I need and describe here.
E.g. running tclhttpd with tcltls needs openssl to change client to server cipher order to pass SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30) as grade A.
I don't know a better way as to add SSL_OP_CIPHER_SERVER_PREFERENCE to tcl.c but would prefer to have an option in ::tls::init
anonymous added on 2021-09-29 08:42:00:
Of cause the added line should be
tls.c:1215 SSL_CTX_set_options( ctx, SSL_OP_CIPHER_SERVER_PREFERENCE ); /* force cipher order selection by server */