Commit 3b5c75ef authored by Daniel Stenberg's avatar Daniel Stenberg

OpenSSL: deselect weak ciphers by default

By default even recent versions of OpenSSL support and accept
"export strength" ciphers, small-bitsize ciphers as well as downright
deprecated ones.

This change sets a default cipher set that avoids the worst ciphers, and
subsequently makes https://www.howsmyssl.com/a/check no longer grade
curl/OpenSSL connects as 'Bad'.

Bug: http://curl.haxx.se/bug/view.cgi?id=1323
Reported-by: Jeff Hodges
parent 3b183df9
+7 −7
@@ -1404,7 +1404,7 @@ ossl_connect_step1(struct connectdata *conn,
                   int sockindex)
{
  CURLcode retcode = CURLE_OK;

  char *ciphers;
  struct SessionHandle *data = conn->data;
  SSL_METHOD_QUAL SSL_METHOD *req_method=NULL;
  void *ssl_sessionid=NULL;
@@ -1629,13 +1629,13 @@ ossl_connect_step1(struct connectdata *conn,
    }
  }

  if(data->set.str[STRING_SSL_CIPHER_LIST]) {
    if(!SSL_CTX_set_cipher_list(connssl->ctx,
                                data->set.str[STRING_SSL_CIPHER_LIST])) {
      failf(data, "failed setting cipher list");
  ciphers = data->set.str[STRING_SSL_CIPHER_LIST];
  if(!ciphers)
    ciphers = (char *)DEFAULT_CIPHER_SELECTION;
  if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) {
    failf(data, "failed setting cipher list: %s", ciphers);
    return CURLE_SSL_CIPHER;
  }
  }

#ifdef USE_TLS_SRP
  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
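Review bot: `ciphers` is declared `char *` in the first hunk and then, in the second hunk, receives `(char *)DEFAULT_CIPHER_SELECTION`, casting const away from a string literal only to hand it to SSL_CTX_set_cipher_list(), which takes a `const char *`. Declaring it `const char *ciphers;` removes the need for the cast, so the assignment becomes `ciphers = DEFAULT_CIPHER_SELECTION;`, and the `%s` in the failf() call is unaffected; this assumes data->set.str[] holds plain `char *`, which converts to `const char *` without a cast. ossl_connect_step1 starts before the first hunk and its body continues past the second.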
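--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -95,5 +95,7 @@ void Curl_ossl_md5sum(unsigned char *tmp, /* input */
 #define curlssl_random(x,y,z) Curl_ossl_random(x,y,z)
 #define curlssl_md5sum(a,b,c,d) Curl_ossl_md5sum(a,b,c,d)
 
+#define DEFAULT_CIPHER_SELECTION "ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4"
+
 #endif /* USE_SSLEAY */
 #endif /* HEADER_CURL_SSLUSE_H */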
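Review bot: The cipher string on the DEFAULT_CIPHER_SELECTION line joins its rules without the ':' separator that the OpenSSL cipher-list syntax documents; it appears to parse only because the list parser begins a new rule at each '!'. Writing it in the documented form, `#define DEFAULT_CIPHER_SELECTION "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4"`, selects the same set without relying on that leniency and matches what a reader checking against the ciphers(1) manual expects. A one-line comment above the define, such as `/* used only when no STRING_SSL_CIPHER_LIST was set by the application */`, would also help, since the header alone gives no hint of when the list applies.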