Add support for probabilistically choosing server ciphers
author Anirudh Ramachandran <avr@fb.com>
Mon, 21 Mar 2016 23:25:46 +0000 (16:25 -0700)
committer Facebook Github Bot 4 <facebook-github-bot-4-bot@fb.com>
Mon, 21 Mar 2016 23:35:22 +0000 (16:35 -0700)
commit 0eb9fa392447fbe054508439dbd8bad7ca3c80bc
tree 1fe6c5d5fb6e59b48e306f8cb8c0d841b9512b15
parent 948ec49b5a2d1601eae65d19d8da3d2c9d6752e6
Add support for probabilistically choosing server ciphers

Summary: Since SSLContextManager sets SSL_OP_CIPHER_SERVER_PREFERENCE on the SSL_CTX
when it creates contexts, we may be unable to accommodate any clients who
prefer a different ciphersuite. Having differently weighted cipher preference
lists allows SSLContext to set a list with a different most-preferred cipher
for some fraction of new handshakes.

Note: resumption will work with the previously negotiated ciphersuite even if
the server doesn't explicitly prefer/support it anymore, provided the cipher is
supported in OpenSSL.

Reviewed By: knekritz

Differential Revision: D3050496

fb-gh-sync-id: 1c3b77ce3af87f939f8b8c6fe72b6a64eeaeeeb4
shipit-source-id: 1c3b77ce3af87f939f8b8c6fe72b6a64eeaeeeb4
folly/io/async/SSLContext.cpp
folly/io/async/SSLContext.h
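
The weighted selection described in the commit message, sketched as an added example; it is not the code from this commit and not folly's API. The class `WeightedCipherLists`, its `pick` method, the two helper functions and the 9:1 weights are assumptions made for illustration, and the cipher lists are constructed sample data.

```cpp
#include <cmath>
#include <random>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical helper, not folly's API: several server preference lists,
// each with a relative weight; one is chosen per new handshake.
class WeightedCipherLists {
 public:
  using Entry = std::pair<std::vector<std::string>, double>;  // (ciphers, weight)
  explicit WeightedCipherLists(const std::vector<Entry>& entries) {
    if (entries.empty()) throw std::invalid_argument("no cipher lists");
    std::vector<double> weights;
    for (const auto& e : entries) {
      if (e.first.empty()) throw std::invalid_argument("empty cipher list");
      if (!std::isfinite(e.second) || e.second <= 0)
        throw std::invalid_argument("weight must be finite and > 0");
      std::string joined;  // OpenSSL cipher-string form: names joined by ':'
      for (const auto& c : e.first) joined += (joined.empty() ? "" : ":") + c;
      lists_.push_back(joined);
      weights.push_back(e.second);
    }
    dist_ = std::discrete_distribution<std::size_t>(weights.begin(), weights.end());
  }
  // Cipher string to apply to the context for one new handshake.
  template <class Rng>
  const std::string& pick(Rng& rng) { return lists_[dist_(rng)]; }
 private:
  std::vector<std::string> lists_;
  std::discrete_distribution<std::size_t> dist_;
};

// Constructed sample: 90% of handshakes prefer AES-GCM, 10% prefer ChaCha20.
std::vector<WeightedCipherLists::Entry> sampleLists() {
  return {
      {{"ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305"}, 9.0},
      {{"ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256"}, 1.0}};
}

// Number of picks out of n whose most-preferred cipher is the ChaCha20 suite.
int countChaChaFirst(int n, unsigned seed) {
  WeightedCipherLists lists(sampleLists());
  std::mt19937 rng(seed);
  int hits = 0;
  for (int i = 0; i < n; ++i) hits += lists.pick(rng).rfind("ECDHE-RSA-CHACHA20", 0) == 0;
  return hits;
}
```

With SSL_OP_CIPHER_SERVER_PREFERENCE set, the first cipher in the picked string that the client also offers is the one negotiated, so the weights control what fraction of new handshakes see each most-preferred suite.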