mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-16 11:55:27 -05:00
62339e2d49
Fixes <http://bugs.gnu.org/16791>. * gnu/packages/patches/w3m-force-ssl_verify_server-on.patch: New file. * gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch: New file. * gnu/packages/patches/w3m-disable-weak-ciphers.patch: New file. * gnu/packages/w3m.scm (w3m)[source]: Add patches. * gnu-system.am (dist_patch_DATA): Add the new files.
24 lines
631 B
Diff
24 lines
631 B
Diff
Subject: Disable weak ciphers
|
|
|
|
Disable RC4, "export ciphers", and all keys < 128 bits.
|
|
|
|
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
|
|
---
|
|
url.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/url.c b/url.c
|
|
index ed6062e..e86b1f3 100644
|
|
--- a/url.c
|
|
+++ b/url.c
|
|
@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
|
|
SSL_load_error_strings();
|
|
if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
|
|
goto eend;
|
|
+ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
|
|
option = SSL_OP_ALL;
|
|
if (ssl_forbid_method) {
|
|
if (strchr(ssl_forbid_method, '2'))
|
|
--
|
|
2.6.4
|
|
|