From 3d6b568c6e7ddb05a76c336069d6e7ed75cc178b Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@cesanta.com>
Date: Thu, 7 Sep 2017 13:51:08 +0300
Subject: [PATCH] Prefer ECDHE with CBC over DHE ciphersuites

PUBLISHED_FROM=4ddfc25af77247fac7e7d04cc0e56d6f3800f87b
---
 mongoose.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mongoose.c b/mongoose.c
index bfe186785..d75993976 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -4898,7 +4898,9 @@ static enum mg_ssl_if_result mg_use_cert(struct mg_ssl_if_ctx *ctx,
 
 static const int mg_s_cipher_list[] = {
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-- 
GitLab