From db69867d4dc9552265cb8117c076edd28b0f5f09 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 8 Nov 2024 10:46:49 +0100
Subject: [PATCH] rest-server: pass cipher suite/list to acceptor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 proxmox-rest-server/src/connection.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/proxmox-rest-server/src/connection.rs b/proxmox-rest-server/src/connection.rs
index fbdfe96c..c51bb14c 100644
--- a/proxmox-rest-server/src/connection.rs
+++ b/proxmox-rest-server/src/connection.rs
@@ -78,6 +78,17 @@ impl TlsAcceptorBuilder {
     pub fn build(self) -> Result<SslAcceptor, Error> {
         let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
 
+        if let Some(cipher_suites) = self.cipher_suites.as_deref() {
+            acceptor
+                .set_ciphersuites(cipher_suites)
+                .context("failed to set tls acceptor cipher suites")?;
+        }
+        if let Some(cipher_list) = self.cipher_list.as_deref() {
+            acceptor
+                .set_cipher_list(cipher_list)
+                .context("failed to set tls acceptor cipher list")?;
+        }
+
         match self.tls {
             Some(Tls::KeyCert(key, cert)) => {
                 acceptor