diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-11 16:46:31 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-11 16:46:31 +0000 |
| commit | e0d38508fc8b6bc3915b2235a85a068eacfb87bf (patch) | |
| tree | 75de5a3a58d59b983ce82cde4f631a318cd6f13f /src/tls.h | |
| parent | Releasing progress-linux version 1.61.0-1~progress7.99u1. (diff) | |
| download | nghttp2-e0d38508fc8b6bc3915b2235a85a068eacfb87bf.tar.xz nghttp2-e0d38508fc8b6bc3915b2235a85a068eacfb87bf.zip | |
Merging upstream version 1.62.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/tls.h')
| -rw-r--r-- | src/tls.h | 12 |
1 files changed, 8 insertions, 4 deletions
@@ -28,11 +28,14 @@ #include "nghttp2_config.h" #include <cinttypes> +#include <string_view> #include <openssl/ssl.h> #include "ssl_compat.h" +using namespace std::literals; + namespace nghttp2 { namespace tls { @@ -41,19 +44,20 @@ namespace tls { // suites for TLSv1.2 by mozilla. // // https://wiki.mozilla.org/Security/Server_Side_TLS -constexpr char DEFAULT_CIPHER_LIST[] = +constexpr auto DEFAULT_CIPHER_LIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-" "AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-" "POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-" - "AES256-GCM-SHA384"; + "AES256-GCM-SHA384"sv; // Recommended general purpose "Modern compatibility" cipher suites // for TLSv1.3 by mozilla. // // https://wiki.mozilla.org/Security/Server_Side_TLS -constexpr char DEFAULT_TLS13_CIPHER_LIST[] = +constexpr auto DEFAULT_TLS13_CIPHER_LIST = #if defined(NGHTTP2_GENUINE_OPENSSL) || defined(NGHTTP2_OPENSSL_IS_LIBRESSL) - "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:" + "TLS_CHACHA20_POLY1305_SHA256"sv #else // !NGHTTP2_GENUINE_OPENSSL && !NGHTTP2_OPENSSL_IS_LIBRESSL "" #endif // !NGHTTP2_GENUINE_OPENSSL && !NGHTTP2_OPENSSL_IS_LIBRESSL |