]>
Commit | Line | Data |
---|---|---|
1 | diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h | |
2 | --- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100 | |
3 | +++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100 | |
4 | @@ -331,7 +331,7 @@ extern "C" { | |
5 | /* The following cipher list is used by default. | |
6 | * It also is substituted when an application-defined cipher list string | |
7 | * starts with 'DEFAULT'. */ | |
8 | -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" | |
9 | +#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES" | |
10 | /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always | |
11 | * starts with a reasonable order, and all we have to do for DEFAULT is | |
12 | * throwing out anonymous and unencrypted ciphersuites! |