Commit 71b0bb76 authored by Kurt Roeckx's avatar Kurt Roeckx

Remove export ciphers from the DEFAULT cipher list



They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit bc2e18a3)
parent 09712fd0
+2 −1
@@ -4,7 +4,8 @@

 Changes between 1.0.0q and 1.0.0r [xx XXX xxxx]

  *)
  *) Removed the export ciphers from the DEFAULT ciphers
     [Kurt Roeckx]

 Changes between 1.0.0p and 1.0.0q [15 Jan 2015]

+2 −2
@@ -109,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings.

=item B<DEFAULT>

the default cipher list. This is determined at compile time and, as of OpenSSL
1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
the default cipher list. This is determined at compile time and
is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
specified.

=item B<COMPLEMENTOFDEFAULT>
+1 −1
@@ -326,7 +326,7 @@ extern "C" {
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 */
# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
/*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
+8 −3
@@ -228,8 +228,8 @@ static const SSL_CIPHER cipher_aliases[] = {
     * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
     * ALL!)
     */
    {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, ~SSL_eNULL, 0, 0,
     0, 0, 0, 0},
    {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
     SSL_EXP_MASK, 0, 0, 0},

    /*
     * key exchange aliases (some of those using only a single bit here
@@ -916,7 +916,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                 cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
                 cp->algo_strength);
#endif

            if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
                goto ok;
            if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
                goto ok;
            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                continue;
            if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -935,6 +938,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                continue;
        }

    ok:

#ifdef CIPHER_DEBUG
        printf("Action = %d\n", rule);
#endif
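Review bot: The two new `goto ok` checks in ssl_cipher_apply_rule treat `algo_strength == SSL_EXP_MASK` and `alg_ssl == ~SSL_SSLV2` as sentinel values that, as far as these hunks show, only the rewritten COMPLEMENTOFDEFAULT entry in cipher_aliases produces, yet neither the alias entry nor the checks say so, and a reader will take `SSL_EXP_MASK` for an ordinary strength value. Because `ok:` sits after the closing brace of the filter block, an export or SSLv2 cipher matched this way skips the mkey/auth tests visible here and whatever per-field tests follow them, which is what the alias needs but should be stated where the jump happens. I would put above the first check: `/* Sentinels set only by the COMPLEMENTOFDEFAULT alias: algo_strength == SSL_EXP_MASK means "any export cipher", alg_ssl == ~SSL_SSLV2 means "any SSLv2 cipher"; such ciphers are accepted without the remaining per-field tests. */` and a one-line cross-reference on the alias entry. Whether a user-composed rule string can ever yield exactly those two values is decided by the rule parser outside these hunks, so that assumption is worth confirming. ssl_cipher_apply_rule starts and ends outside the hunks.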