authorReyk Floeter <reyk@cvs.openbsd.org>2007-02-24 15:48:55 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2007-02-24 15:48:55 +0000
commitdea580a9986dc2431d84eb0bc9d0d21ad14781cf (patch)
treeb55cf3fb10f00f1c04c3a75abad663e7980161da /usr.sbin/relayd/relay.c
parent008c5403bf676c8c15de14562f346b2408425e99 (diff)
disable SSLv2 and use "HIGH" crypto cipher suites by default.
suggested by dlg@
Diffstat (limited to 'usr.sbin/relayd/relay.c')
-rw-r--r--usr.sbin/relayd/relay.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 6078d36d891..00d82e90b2f 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.3 2007/02/24 00:22:32 reyk Exp $ */
+/* $OpenBSD: relay.c,v 1.4 2007/02/24 15:48:54 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -1589,7 +1589,7 @@ relay_ssl_ctx_create(struct relay *rlay)
{
struct protocol *proto = rlay->proto;
SSL_CTX *ctx;
- char certfile[PATH_MAX], hbuf[128];
+ char certfile[PATH_MAX], hbuf[128], *ciphers = NULL;
ctx = SSL_CTX_new(SSLv23_method());
if (ctx == NULL)
@@ -1619,12 +1619,10 @@ relay_ssl_ctx_create(struct relay *rlay)
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
/* Change the default SSL cipher suite, if specified */
- if (proto->sslciphers != NULL) {
- log_debug("relay_ssl_ctx_create: ciphers '%s'",
- proto->sslciphers);
- if (!SSL_CTX_set_cipher_list(ctx, proto->sslciphers))
- goto err;
- }
+ if ((ciphers = proto->sslciphers) == NULL)
+ ciphers = SSLCIPHERS_DEFAULT;
+ if (!SSL_CTX_set_cipher_list(ctx, ciphers))
+ goto err;
if (relay_host(&rlay->ss, hbuf, sizeof(hbuf)) == NULL)
goto err;
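Review bot: The rewritten cipher block drops the `log_debug` call, so the cipher string actually applied (the configured one or `SSLCIPHERS_DEFAULT`) is no longer recorded, and in the lines shown a rejected string goes to `goto err` without being named. Adding `log_debug("relay_ssl_ctx_create: ciphers '%s'", ciphers);` just before `SSL_CTX_set_cipher_list()` would keep the effective policy auditable. `SSLCIPHERS_DEFAULT` is defined outside this file, so its value is not visible here; if it is a bare `HIGH`, it is worth confirming that the linked OpenSSL does not count anonymous (aNULL/ADH) suites in that class, and excluding them explicitly if it does. A configured `proto->sslciphers` still replaces the default wholesale, so the existing comment could say that, for example `/* Use the configured cipher list, else SSLCIPHERS_DEFAULT */`. The body of `relay_ssl_ctx_create` starts and ends outside this hunk, so the `err` path could not be checked.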