Diffstat (limited to 'dpi/https.c')
-rw-r--r-- | dpi/https.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/dpi/https.c b/dpi/https.c
index da75b9e8..766b3afb 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -22,11 +22,12 @@
 * (at your option) any later version.
 *
 * As a special exception permission is granted to link the code of
- * the https dillo plugin with the OpenSSL project's "OpenSSL"
- * library, and distribute the linked executables, without including
- * the source code for OpenSSL in the source distribution. You must
- * obey the GNU General Public License, version 3, in all respects
- * for all of the code used other than "OpenSSL".
+ * the https dillo plugin with the OpenSSL project's OpenSSL library
+ * (or a modified version of that library), and distribute the linked
+ * executables, without including the source code for the SSL library
+ * in the source distribution. You must obey the GNU General Public
+ * License, version 3, in all respects for all of the code used other
+ * than the SSL library.
 *
 */
 
@@ -193,9 +194,11 @@ static void yes_ssl_support(void)
 if (exit_error == 0){
 /* Don't want: eNULL, which has no encryption; aNULL, which has no
 * authentication; LOW, which as of 2014 use 64 or 56-bit encryption;
- * EXPORT40, which uses 40-bit encryption.
+ * EXPORT40, which uses 40-bit encryption; RC4, for which methods were
+ * found in 2013 to defeat it somewhat too easily.
 */
- SSL_CTX_set_cipher_list(ssl_context, "ALL:!aNULL:!eNULL:!LOW:!EXPORT40");
+ SSL_CTX_set_cipher_list(ssl_context,
+ "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4");
 
 /* Need to do this if we want to have the option of dealing
 * with self-signed certs |
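Review bot: The return value of `SSL_CTX_set_cipher_list()` in the second hunk is still discarded, so the plugin carries on as if the restriction were in force even when the call reports failure. The function returns 1 when at least one cipher was selected and 0 otherwise, so the call can be guarded: `if (SSL_CTX_set_cipher_list(ssl_context, "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4") != 1) exit_error = 1;`. This assumes `exit_error` is the failure flag its use in the surrounding `if` suggests. As a style point, the string is a denylist on top of `ALL` and needs a new entry each time a cipher is broken, as this commit shows, so an allowlist built from a strength class would age better. The body of `yes_ssl_support()` starts and ends outside the hunk, so the error-handling convention should be confirmed against the rest of the function.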