Only allow strong ciphers to be used

How fun it will be to keep this list up to date...
2019-08-03 00:16:12 +02:00 · 2019-08-03 00:16:12 +02:00 · ee2a765758
commit ee2a765758
parent 0bdf7ad914
2 changed files with 8 additions and 0 deletions
--- a/src/client/http/Request.cpp
+++ b/src/client/http/Request.cpp
@ -163,6 +163,10 @@ namespace http
 #else
 			curl_easy_setopt(easy, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP);
 			curl_easy_setopt(easy, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP);
+#endif
+			curl_easy_setopt(easy, CURLOPT_SSL_CIPHER_LIST, "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256");
+#ifdef REQUEST_USE_CURL_TLSV13CL
+			curl_easy_setopt(easy, CURLOPT_TLS13_CIPHERS, "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256");
 #endif
 			curl_easy_setopt(easy, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
 			curl_easy_setopt(easy, CURLOPT_MAXREDIRS, 10L);
--- a/src/client/http/Request.h
+++ b/src/client/http/Request.h
@ -16,6 +16,10 @@
 # define REQUEST_USE_CURL_MIMEPOST
 #endif

+#if defined(CURL_AT_LEAST_VERSION) && CURL_AT_LEAST_VERSION(7, 61, 0)
+# define REQUEST_USE_CURL_TLSV13CL
+#endif
+
 namespace http
 {
 	class RequestManager;