net_ssl: SSL config tweaks for compatibility and security

add two RSA based ciphers for Windows/depends compatibility also enforce server cipher ordering also set ECDH to auto because vtnerd says it is good :) When built with the depends system, openssl does not include any cipher on the current whitelist, so add this one, which fixes the problem, and does seem sensible.
author: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2019-05-01 22:01:53 +0000
committer: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2019-05-07 10:01:42 +0000
commit: a62e0725715a7ce2bacf0487379130a402c7a3dd (patch)
tree: 3918901db36aac5ee4efe3e301a3bd2373396a54 /contrib/epee/include
parent: Merge pull request #5497 (diff)
download: monero-a62e0725715a7ce2bacf0487379130a402c7a3dd.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h
index 5ef2ff59d..3a97dfdaf 100644
--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@@ -135,6 +135,9 @@ namespace net_utils
 	constexpr size_t get_ssl_magic_size() { return 9; }
 	bool is_ssl(const unsigned char *data, size_t len);
 	bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s);
+
+	bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);
+	bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);
 }
 }
author	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2019-05-01 22:01:53 +0000
committer	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2019-05-07 10:01:42 +0000
commit	a62e0725715a7ce2bacf0487379130a402c7a3dd (patch)
tree	3918901db36aac5ee4efe3e301a3bd2373396a54 /contrib/epee/include
parent	Merge pull request #5497 (diff)
download	monero-a62e0725715a7ce2bacf0487379130a402c7a3dd.tar.xz