Skip to content
Blame History Permalink
  • Bodo Möller's avatar
    Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a · 0a05123a
    Bodo Möller authored 
    ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
    0a05123a
To find the state of this project's repository at the time of any of these versions, check out the tags.