Cipher List Setting (#13)
* Cipher List Setting

# Problem
Cannot connect to some sites, e.g. https://echo.websocket.org
https://www.ssllabs.com/ssltest/analyze.html?d=echo.websocket.org
Safari can respond with 404, but HTTPSClient gets connection reset by peer.

# Reason
The default cipher list `"HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4"` is strict,
so some servers do not meet its requirements.

# Fix
Make it possible to set cipherList from HTTPSClient so it can be passed to
TCPSSL and then to OpenSSL.

It does not break current programs because it uses `cipherList: String?
= nil`, so existing code runs exactly as it did before.

* Simple fix for now

Just removed the cipher list specification; otherwise we find a clean solution.
tomohisa committed May 9, 2016
1 parent 9f4ebf5 commit 78629d6
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions Sources/OpenSSL/ClientContext.swift
Expand Up @@ -27,17 +27,16 @@ import COpenSSL
typealias CCallback = @convention(c) Void -> Void

public final class SSLClientContext: Context {
public init(verifyBundle: String? = nil, certificate: String? = nil, privateKey: String? = nil, certificateChain: String? = nil) throws {
public init(verifyBundle: String? = nil,
certificate: String? = nil,
privateKey: String? = nil,
certificateChain: String? = nil) throws {
try super.init(method: .SSLv23, type: .Client)

SSL_CTX_set_verify(context, SSL_VERIFY_PEER, nil)
SSL_CTX_set_verify_depth(context, 4)
SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION)

if SSL_CTX_set_cipher_list(context, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4") != 1 {
throw Context.Error.Certificate(description: lastSSLErrorDescription)
}

if SSL_CTX_set_default_verify_paths(context) != 1 {
throw Context.Error.Certificate(description: lastSSLErrorDescription)
}
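
Review bot: Dropping the `SSL_CTX_set_cipher_list(context, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4")` call in `init` without a replacement leaves this client context on whatever default cipher list the linked OpenSSL ships, so the explicit exclusions of kRSA, PSK, SRP, MD5 and RC4 are no longer enforced by this code and the set of suites offered now varies with the library build. The commit message describes a `cipherList: String? = nil` parameter, but the reformatted `init` signature still takes only `verifyBundle`, `certificate`, `privateKey` and `certificateChain`. Consider adding that parameter and calling `SSL_CTX_set_cipher_list` with the caller's string when it is non-nil and with the previous strict string otherwise, so only callers that need a looser list opt in. If the call is restored, a cipher-list failure would also be clearer as its own error case than as `Context.Error.Certificate`.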