author | corvid <devnull@localhost> | 2015-06-10 22:08:12 +0000 |
---|---|---|
committer | corvid <devnull@localhost> | 2015-06-10 22:08:12 +0000 |
commit | 8395c48df79d75ec9a1961db88bbc8f3bbd530eb (patch) | |
tree | 9877a1e4365e16a887c426fecb712482fbb3fba6 /dpi | |
parent | 8fa364fcdaf00545222059bc7a40f0873f743489 (diff) |
https rm RC4 from cipher list
Diffstat (limited to 'dpi')
-rw-r--r-- | dpi/https.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/dpi/https.c b/dpi/https.c
index da75b9e8..545d6a9b 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -193,9 +193,11 @@ static void yes_ssl_support(void)
 if (exit_error == 0){
 /* Don't want: eNULL, which has no encryption; aNULL, which has no
 * authentication; LOW, which as of 2014 use 64 or 56-bit encryption;
- * EXPORT40, which uses 40-bit encryption.
+ * EXPORT40, which uses 40-bit encryption; RC4, for which methods were
+ * found in 2013 to defeat it somewhat too easily.
 */
- SSL_CTX_set_cipher_list(ssl_context, "ALL:!aNULL:!eNULL:!LOW:!EXPORT40");
+ SSL_CTX_set_cipher_list(ssl_context,
+ "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4");
 /* Need to do this if we want to have the option of dealing
 * with self-signed certs |
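Review bot: The return value of the rewritten `SSL_CTX_set_cipher_list()` call is still discarded, yet the function returns 0 when the string selects no usable cipher, so a failure to apply these exclusions would go unnoticed. Since the block is already gated on `exit_error == 0`, the call could fail closed with `if (SSL_CTX_set_cipher_list(ssl_context, "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4") == 0) exit_error = 1;`, presumably with the error reporting used elsewhere in `yes_ssl_support`, whose body starts and ends outside this hunk. Separately, the string remains a denylist on top of `ALL`, so any weak family not named stays enabled; `!EXPORT40` names only the 40-bit export suites, and starting from `HIGH` rather than `ALL` would drop RC4 and the export classes by strength if server compatibility allows it. The new comment would also age better if it said which property is lost, for example `RC4, whose keystream biases allow plaintext recovery`, instead of "somewhat too easily".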