Skip to content
Browse files

Disable weak ciphers in OpenSSL driver.

  • Loading branch information...
1 parent cf04b03 commit be1d44bb79ebda2f1bac3b86e62493053c7bfbdb @rraptorr committed with badlop Sep 19, 2011
Showing with 3 additions and 0 deletions.
  1. +3 −0 c_src/exmpp_tls_openssl.c
View
3 c_src/exmpp_tls_openssl.c
@@ -22,6 +22,7 @@
#include "exmpp_tls.h"
#define DRIVER_NAME exmpp_tls_openssl
+#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
#define BUF_SIZE 1024
@@ -601,6 +602,8 @@ init_library(struct exmpp_tls_openssl_data *edd,
// SSL 2.0 is deprecated for many years
SSL_CTX_set_options(edd->ctx, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_cipher_list(edd->ctx, CIPHERS);
+
/*
* Since sessions are cached in SSL_CTX and currently new context
* is used for every connection, then session caching makes little

0 comments on commit be1d44b

Please sign in to comment.
Something went wrong with that request. Please try again.