authorJackLivio <jack@livio.io>2022-03-23 17:03:25 -0400
committerGitHub <noreply@github.com>2022-03-23 17:03:25 -0400
commit1c79adc004203d7819d938a9046970bd242a6eac (patch)
tree406c124793d7bef217ab92bfab8d46dca31992e4
parent25e47c7f34f90f5393958f998c1861efa966d702 (diff)
downloadsdl_core-1c79adc004203d7819d938a9046970bd242a6eac.tar.gz
Set secure wss cipher list (#3885)
* Set secure wss cipher list * Update src/components/transport_manager/src/cloud/websocket_client_connection.cc Co-authored-by: Jacob Keeler <jacob.keeler@livioradio.com> Co-authored-by: Jacob Keeler <jacob.keeler@livioradio.com>
-rw-r--r--src/components/transport_manager/src/cloud/websocket_client_connection.cc10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/components/transport_manager/src/cloud/websocket_client_connection.cc b/src/components/transport_manager/src/cloud/websocket_client_connection.cc
index e0fcbd983b..6a28c6a7ff 100644
--- a/src/components/transport_manager/src/cloud/websocket_client_connection.cc
+++ b/src/components/transport_manager/src/cloud/websocket_client_connection.cc
@@ -50,7 +50,7 @@ WebsocketClientConnection::WebsocketClientConnection(
, resolver_(ioc_)
, ws_(ioc_)
#ifdef ENABLE_SECURITY
- , ctx_(ssl::context::sslv23_client)
+ , ctx_(ssl::context::tlsv12_client)
, wss_(ioc_, ctx_)
#endif // ENABLE_SECURITY
, shutdown_(false)
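Review bot: `ssl::context::tlsv12_client` on the added `ctx_` initializer fixes the protocol at exactly TLS 1.2, so this client can no longer negotiate TLS 1.3 with a cloud endpoint that offers it, and will fail the handshake against one that requires it. If the intent is a minimum version rather than a single one, a version-flexible method with the older protocols switched off expresses that, e.g. `ctx_.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3 | ssl::context::no_tlsv1 | ssl::context::no_tlsv1_1);` in the constructor body. If the pin is deliberate, a short comment beside the initializer stating the reason would save the next reader from guessing. The initializer list starts and ends outside this hunk.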
@@ -59,6 +59,14 @@ WebsocketClientConnection::WebsocketClientConnection(
, device_uid_(device_uid)
, app_handle_(app_handle)
, io_pool_(1) {
+#ifdef ENABLE_SECURITY
+ const char* wss_ciphers =
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-"
+ "CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-"
+ "SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-"
+ "AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
+ SSL_CTX_set_cipher_list(ctx_.native_handle(), wss_ciphers);
+#endif
}
WebsocketClientConnection::~WebsocketClientConnection() {
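Review bot: The result of `SSL_CTX_set_cipher_list` is discarded, so if OpenSSL cannot select any cipher from `wss_ciphers` (it returns 0 in that case) the constructor finishes silently and the connection presumably runs with whatever cipher list the context already had. Check it and fail closed: `if (SSL_CTX_set_cipher_list(ctx_.native_handle(), wss_ciphers) != 1) { /* log the error and do not start the wss connection */ }`. The last four entries of the string are CBC-mode suites; if no supported server needs them, keeping only the GCM and CHACHA20-POLY1305 entries leaves an AEAD-only list. This call governs TLS 1.2 and earlier suites only, which is worth a one-line comment above the string, and the closing `#endif` could carry the same `// ENABLE_SECURITY` marker as the one in the initializer list. The constructor begins outside this hunk.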