From cb3730b0cf07fd5f247b5e89d650b75491996756 Mon Sep 17 00:00:00 2001 From: Daniel Lowrey Date: Fri, 11 Oct 2013 15:54:13 -0400 Subject: [PATCH] honor_server_ciphers ssl context option --- ext/openssl/openssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 952bd75927ff5..282887a7011d5 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -5159,8 +5159,12 @@ SSL *php_SSL_new_from_context(SSL_CTX *ctx, php_stream *stream TSRMLS_DC) /* {{{ cipherlist = "DEFAULT"; } if (SSL_CTX_set_cipher_list(ctx, cipherlist) != 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set cipher list `%s'", cipherlist); return NULL; } + if (GET_VER_OPT("honor_server_ciphers")) { + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + } GET_VER_OPT_STRING("local_cert", certfile); if (certfile) {