From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 27 Feb 2017 15:24:58 +0000 (+0000)
Subject: - Fix #1227: Fix that Unbound control allows weak ciphersuits.
X-Git-Tag: release-1.6.2rc1~85
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=791767d62f8f4678a21519001e3282cdca06da68;p=thirdparty%2Funbound.git

- Fix #1227: Fix that Unbound control allows weak ciphersuits.


git-svn-id: file:///svn/unbound/trunk@4029 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/daemon/remote.c b/daemon/remote.c
index ac057f99d..abde9e4e6 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -260,6 +260,8 @@ daemon_remote_create(struct config_file* cfg)
 		return NULL;
 	}
 #endif
+	if(!SSL_CTX_set_cipher_list(rc->ctx, "DEFAULT:!CAMELLIA128:!CAMELLIA256:!SEED:!IDEA:!RC4:!3DES:!DES:!MD5:!SHA:!sect283k1:!sect283r1:!sect409k1:!sect409r1:!sect571k1:!sect571r1:!secp256k1:!brainpoolP256r1:!brainpoolP384r1:!brainpoolP512r1"))
+		log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list");
 
 	if (cfg->remote_control_use_cert == 0) {
 		/* No certificates are requested */