I am trying to deny some ciphers from usage.
My code can be summed up as:

    boost::asio::ssl::context mSSLContext( aIOService, boost::asio::ssl::context::tlsv12_server );
    mSSLContext.set_password_callback( boost::bind( &Server::getSSLPassword, this ) );
    mSSLContext.use_certificate_chain_file( aSSLCACertPath );
    mSSLContext.use_certificate_file( aSSLPublicCertPath, boost::asio::ssl::context::pem );
    mSSLContext.use_private_key_file( aSSLPrivateKeyPath, boost::asio::ssl::context::pem );
    mSSLContext.use_tmp_dh_file( aSSLDHFilePath );
    mSSLContext.set_verify_mode( boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert );
    mSSLContext.set_verify_callback( boost::bind( &Server::verifyCertificate, this, _1, _2 ) );
    int rc = SSL_CTX_set_cipher_list( mSSLContext.native_handle(), "AES256-SHA:!DHE-RSA-CAMELLIA256-SHA");
    assert(0 != rc);

But for some reason the server still offers the DHE-RSA-CAMELLIA256-SHA cipher.
I am using the https://github.com/drwetter/testssl.sh tool for verification.
Does anyone know why SSL_CTX_set_cipher_list has no effect?
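
A local check of what the cipher string from the question enables, independent of a network scan (an added example, not part of the original post). It uses Python's `ssl` module, whose `SSLContext.set_ciphers()` hands the string to the same OpenSSL `SSL_CTX_set_cipher_list` call; the function names `effective_ciphers` and `still_enabled` are hypothetical.

```python
import ssl


def effective_ciphers(cipher_string):
    """Return the TLS 1.2-and-below suite names OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Mirror the question's tlsv12_server context by capping the version.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # Same condition as SSL_CTX_set_cipher_list() returning 0:
        # the string selected no cipher at all.
        return []
    # TLS 1.3 suites are configured separately from this cipher list,
    # so they are left out of the result.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def still_enabled(cipher_string, forbidden):
    """Return the forbidden suite names that cipher_string leaves enabled."""
    enabled = set(effective_ciphers(cipher_string))
    return sorted(name for name in forbidden if name in enabled)


if __name__ == "__main__":
    rule = "AES256-SHA:!DHE-RSA-CAMELLIA256-SHA"  # string from the question
    print("enabled:", effective_ciphers(rule))
    print("forbidden but enabled:",
          still_enabled(rule, ["DHE-RSA-CAMELLIA256-SHA"]))
```

If this local list does not contain a suite that a scan still reports, compare it with the cipher list of the context object that actually serves the scanned connections.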