From 33293bcd5af9b643b9486990033664da6f628eb7 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Tue, 8 Oct 2013 21:24:10 +0900
Subject: [PATCH] LibsslTLSContext: Remove weak cipher suite
---
 src/LibsslTLSContext.cc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/LibsslTLSContext.cc b/src/LibsslTLSContext.cc
index 8d734cce..c6543b15 100644
--- a/src/LibsslTLSContext.cc
+++ b/src/LibsslTLSContext.cc
@@ -98,6 +98,7 @@ OpenSSLTLSContext::OpenSSLTLSContext(TLSSessionSide side)
 good_ = false;
 A2_LOG_ERROR(fmt("SSL_CTX_new() failed. Cause: %s",
 ERR_error_string(ERR_get_error(), 0)));
+ return;
 }
 // Disable SSLv2 and enable all workarounds for buggy servers
 SSL_CTX_set_options(sslCtx_, SSL_OP_ALL | SSL_OP_NO_SSLv2
@@ -111,6 +112,11 @@ OpenSSLTLSContext::OpenSSLTLSContext(TLSSessionSide side)
 /* keep memory usage low */
 SSL_CTX_set_mode(sslCtx_, SSL_MODE_RELEASE_BUFFERS);
 #endif
+ if(SSL_CTX_set_cipher_list(sslCtx_, "HIGH:!aNULL:!eNULL") == 0) {
+ good_ = false;
+ A2_LOG_ERROR(fmt("SSL_CTX_set_cipher_list() failed. Cause: %s",
+ ERR_error_string(ERR_get_error(), nullptr)));
+ }
 }

 OpenSSLTLSContext::~OpenSSLTLSContext()
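Review bot: The cipher string `"HIGH:!aNULL:!eNULL"` passed to SSL_CTX_set_cipher_list() in the second hunk leaves the accepted suites up to whatever the linked OpenSSL build defines as HIGH, which (as far as I know, in releases before 1.1.0) still includes 3DES, and the line has no comment saying what it is meant to refuse. I would spell the exclusion out, `"HIGH:!aNULL:!eNULL:!3DES"`, and add a comment above it such as `// Strong ciphers only: refuse anonymous (aNULL) and unencrypted (eNULL) suites`. `ERR_error_string(ERR_get_error(), nullptr)` formats into a static buffer, so if this constructor can run on more than one thread, `ERR_error_string_n()` with a local buffer is the safer call. Unlike the SSL_CTX_new() failure path in the first hunk, this branch leaves a live sslCtx_ behind with good_ set to false, which is only safe if every caller checks good_ before using the context; the constructor begins outside both hunks, so that cannot be confirmed from here.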