summaryrefslogtreecommitdiff
path: root/ereproxy_config.erl
diff options
context:
space:
mode:
Diffstat (limited to 'ereproxy_config.erl')
-rw-r--r--ereproxy_config.erl14
1 files changed, 12 insertions, 2 deletions
diff --git a/ereproxy_config.erl b/ereproxy_config.erl
index 37423e4..80bf243 100644
--- a/ereproxy_config.erl
+++ b/ereproxy_config.erl
@@ -1,12 +1,14 @@
-module(ereproxy_config).
--export([config/0, select_destination/1]).
+-export([ciphers/0, config/0, select_destination/1]).
-include("ereproxy_config.hrl").
config() ->
#cfg{listen = [{http, 80}, {https, 443}],
ssl_opts = [{certfile, "example/cert.pem"},
- {keyfile, "example/key.pem"}]
+ {keyfile, "example/key.pem"},
+ {versions, [tlsv1, 'tlsv1.1', 'tlsv1.2']},
+ {ciphers, ciphers()}]
}.
%% select_destination
@@ -29,3 +31,11 @@ destination_list() ->
Dash <- ["", "-"],
TLD <- ["com", "de", "net", "eu", "org", "at"] ]
].
+
+ciphers() -> filter_ciphers(ssl:cipher_suites()).
+
+filter_ciphers([{_, '3des_ede_cbc', _} | Rest]) -> filter_ciphers(Rest);
+filter_ciphers([{_, des_cbc, _} | Rest]) -> filter_ciphers(Rest);
+filter_ciphers([{_, rc4_128, _} | Rest]) -> filter_ciphers(Rest);
+filter_ciphers([Cipher | Rest]) -> [Cipher | filter_ciphers(Rest)];
+filter_ciphers([]) -> [].
contact: Jan Huwald // Impressum