Diffstat (limited to 'daemon/unbound.c')
-rw-r--r--daemon/unbound.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/daemon/unbound.c b/daemon/unbound.c
index 020e453034ad5..4a508c13878b9 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -67,6 +67,7 @@
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
+#include <openssl/ssl.h>
#ifndef S_SPLINT_S
/* splint chokes on this system header file */
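Review bot: The added `#include <openssl/ssl.h>` is unconditional, while the neighbouring `<grp.h>` include just above it is wrapped in `#ifdef HAVE_GRP_H`. If this file can be built in a configuration without the OpenSSL headers (not determinable from this hunk), the build would now fail at this line. Guarding it with the header-check macro would keep it consistent with the surrounding includes, e.g. `#ifdef HAVE_OPENSSL_SSL_H` / `#include <openssl/ssl.h>` / `#endif`, assuming configure defines that macro.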
@@ -430,6 +431,23 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
if(!(daemon->listen_sslctx = listen_sslctx_create(
cfg->ssl_service_key, cfg->ssl_service_pem, NULL)))
fatal_exit("could not set up listen SSL_CTX");
+ if(cfg->tls_ciphers && cfg->tls_ciphers[0]) {
+ if (!SSL_CTX_set_cipher_list(daemon->listen_sslctx, cfg->tls_ciphers)) {
+ fatal_exit("failed to set tls-cipher %s", cfg->tls_ciphers);
+ }
+ }
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+ if(cfg->tls_ciphersuites && cfg->tls_ciphersuites[0]) {
+ if (!SSL_CTX_set_ciphersuites(daemon->listen_sslctx, cfg->tls_ciphersuites)) {
+ fatal_exit("failed to set tls-ciphersuites %s", cfg->tls_ciphersuites);
+ }
+ }
+#endif
+ if(cfg->tls_session_ticket_keys.first) {
+ if(!listen_sslctx_setup_ticket_keys(daemon->listen_sslctx, cfg->tls_session_ticket_keys.first)) {
+ fatal_exit("could not set session ticket SSL_CTX");
+ }
+ }
}
if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL,
cfg->tls_cert_bundle, cfg->tls_win_cert)))
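Review bot: When `tls_ciphersuites` is configured but the build lacks `HAVE_SSL_CTX_SET_CIPHERSUITES`, the `#ifdef` block compiles away and the setting is dropped without any message, so an operator who restricted the TLS 1.3 suites silently gets the library defaults instead. An `#else` branch that reports this would close the gap, e.g. `if(cfg->tls_ciphersuites && cfg->tls_ciphersuites[0]) log_warn("tls-ciphersuites is set but this SSL library cannot apply it");`, or `fatal_exit` to fail closed like the other branches. The two cipher failure paths also print only the configured string; logging the OpenSSL error queue there would show why the list was rejected. perform_setup begins and ends outside this hunk.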