Commit Diff
Diff:
7b58538074ad947ab493c45206cec61eae681f7c
100de3e4ccaab10524821d4262f6a8c3342224f8
Commit:
100de3e4ccaab10524821d4262f6a8c3342224f8
Tree:
6dfaed78f970de97d577a9f2e47792ab84a973eb
Author:
Alexander Barton <alex@barton.de>
Committer:
Alexander Barton <alex@barton.de>
Date:
Thu Oct 16 11:42:24 2014 UTC
Message:
Update "CipherList" to not enable SSLv3 by default Idea, initial patch, and testing by Christoph Biedl
blob - 1d07822c5b405e748af8da30f13c397837afa8fc
blob + b5db1d9e1edffa5af2070dfc27bf9fa990590ce6
--- doc/sample-ngircd.conf.tmpl
+++ doc/sample-ngircd.conf.tmpl
@@ -259,9 +259,9 @@
# See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init'
# (GnuTLS) for details.
# For OpenSSL:
- ;CipherList = HIGH:!aNULL:@STRENGTH
+ ;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
# For GnuTLS:
- ;CipherList = SECURE128
+ ;CipherList = SECURE128:-VERS-SSL3.0
# Diffie-Hellman parameters
;DHFile = :ETCDIR:/ssl/dhparams.pem
blob - 9b2ed08259b3e0ea2b2fd95c3f6ad5a7382e00e6
blob + 0d57f902d46c4b5a0fb5f8cc3651a4030694554b
--- man/ngircd.conf.5.tmpl
+++ man/ngircd.conf.5.tmpl
@@ -1,7 +1,7 @@
.\"
.\" ngircd.conf(5) manual page template
.\"
-.TH ngircd.conf 5 "Jan 2014" ngIRCd "ngIRCd Manual"
+.TH ngircd.conf 5 "Oct 2014" ngIRCd "ngIRCd Manual"
.SH NAME
ngircd.conf \- configuration file of ngIRCd
.SH SYNOPSIS
@@ -375,7 +375,7 @@ SSL Certificate file of the private server key.
.TP
\fBCipherList\fR (string)
Select cipher suites allowed for SSL/TLS connections. This defaults to
-"HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
+"HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) or "SECURE128:-VERS-SSL3.0" (GnuTLS).
Please see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
(GnuTLS) for details.
.TP
blob - 6692ecbbdd8b5f8bb21f981fec5981acfb21e3a9
blob + 5f8c392976d2c377e4d35e6799ec81936916c4b4
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -88,10 +88,10 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *S
#endif
#ifdef HAVE_LIBSSL
-#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH"
+#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH:!SSLv3"
#endif
#ifdef HAVE_LIBGNUTLS
-#define DEFAULT_CIPHERS "SECURE128"
+#define DEFAULT_CIPHERS "SECURE128:-VERS-SSL3.0"
#endif
#ifdef SSL_SUPPORT
IRCNow