Add 'ciphersuites' property for TLS 1.3

src/context.c

@@ -436,14 +436,31 @@ static int set_cipher(lua_State *L)
   const char *list = luaL_checkstring(L, 2);
   if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
     lua_pushboolean(L, 0);
-    lua_pushfstring(L, "error setting cipher list (%s)",
+    lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error()));
-      ERR_reason_error_string(ERR_get_error()));
     return 2;
   }
   lua_pushboolean(L, 1);
   return 1;
 }
 
+/**
+ * Set the cipher suites.
+ */
+static int set_ciphersuites(lua_State *L)
+{
+#if defined(TLS1_3_VERSION)
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
+  const char *list = luaL_checkstring(L, 2);
+  if (SSL_CTX_set_ciphersuites(ctx, list) != 1) {
+    lua_pushboolean(L, 0);
+    lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error()));
+    return 2;
+  }
+#endif
+  lua_pushboolean(L, 1);
+  return 1;
+}
+
 /**
  * Set the depth for certificate checking.
  */
@@ -698,6 +715,7 @@ static luaL_Reg funcs[] = {
   {"setalpn",         set_alpn},
   {"setalpncb",       set_alpn_cb},
   {"setcipher",       set_cipher},
+  {"setciphersuites", set_ciphersuites},
   {"setdepth",        set_depth},
   {"setdhparam",      set_dhparam},
   {"setverify",       set_verify},

src/ssl.lua

@@ -111,6 +111,11 @@ local function newcontext(cfg)
    if cfg.ciphers then
       succ, msg = context.setcipher(ctx, cfg.ciphers)
       if not succ then return nil, msg end
+   end
+   -- Set SSL cipher suites
+   if cfg.ciphersuites then
+      succ, msg = context.setciphersuites(ctx, cfg.ciphersuites)
+      if not succ then return nil, msg end
    end
     -- Set the verification options
    succ, msg = optexec(context.setverify, cfg.verify, ctx)