From cb16d84c66b6040ca668b2e23ad4e740a3f3d0af Mon Sep 17 00:00:00 2001
From: Andrew Thompson <andrew@hijacked.us>
Date: Mon, 21 Oct 2013 23:19:34 -0400
Subject: Implement 'honor_cipher_order' SSL server-side option

HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This
instructs the server to prefer its own cipher ordering rather than the
client's and can help protect against things like BEAST while
maintaining compatability with clients which only support older ciphers.

This code is mostly written by Andrew Thompson, only the test case was
added by Andreas Schultz.
---
 lib/ssl/doc/src/ssl.xml | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/ssl/doc/src/ssl.xml')

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 80ef419fb7..910dca3889 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -460,6 +460,10 @@ fun(srp, Username :: string(), UserState :: term()) ->
       </item>
       <tag>{log_alert, boolean()}</tag>
       <item>If false, error reports will not be displayed.</item>
+      <tag>{honor_cipher_order, boolean()}</tag>
+      <item>If true, use the server's preference for cipher selection. If false
+      (the default), use the client's preference.
+      </item>
     </taglist>
   </section>
   
-- 
cgit v1.2.3