- Fix #1227: Fix that Unbound control allows weak ciphersuits.

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Mon, 27 Feb 2017 15:24:58 +0000 (15:24 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Mon, 27 Feb 2017 15:24:58 +0000 (15:24 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 27 Feb 2017 15:24:58 +0000 (15:24 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 27 Feb 2017 15:24:58 +0000 (15:24 +0000)
diff --git a/daemon/remote.c b/daemon/remote.c

index ac057f99deb3c1343eaafcae71f64e2f02d2cee5..abde9e4e688305514b33aa440b8dce92fc3765ce 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -260,6 +260,8 @@ daemon_remote_create(struct config_file* cfg)
                 return NULL;
         }
  #endif
+       if(!SSL_CTX_set_cipher_list(rc->ctx, "DEFAULT:!CAMELLIA128:!CAMELLIA256:!SEED:!IDEA:!RC4:!3DES:!DES:!MD5:!SHA:!sect283k1:!sect283r1:!sect409k1:!sect409r1:!sect571k1:!sect571r1:!secp256k1:!brainpoolP256r1:!brainpoolP384r1:!brainpoolP512r1"))
+               log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list");
  
         if (cfg->remote_control_use_cert == 0) {
                 /* No certificates are requested */
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Mon, 27 Feb 2017 15:24:58 +0000 (15:24 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Mon, 27 Feb 2017 15:24:58 +0000 (15:24 +0000)