When choosing a cipher, use the server's preferences.
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 302dab3..c06557e 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -2730,6 +2730,7 @@
}
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_options(context->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
/* client context */
@@ -2749,6 +2750,7 @@
}
SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
/* openssl init for cert verification (for client sockets) */
if (!ssl_ca_filepath) {