omit weak ciphers to prevent hackage

diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index 0114190bd80c010aa92af74a10d7d7c64bab6d78..6335ac54bbc05a6ea21efd72b83367dd7b06116a 100644 (file)
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Wed Mar  6 12:57:17 CST 2013
+Wed Mar  6 13:01:54 CST 2013

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
index 75c11a67e0ffc3cce20bec7db0e0709e34cd63ea..616937d7e762ee83756c0b86a4e65d13fd1e0281 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
@@ -388,6 +388,8 @@ static int tport_ws_init_primary_secure(tport_primary_t *pri,
          goto done;
   }
 
+  SSL_CTX_set_cipher_list(wspri->ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+
   ret = tport_ws_init_primary(pri, tpn, ai, tags, return_culprit);
 
  done:

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
index f66dcc3016f3a3ff4d0683b14fe1539e762220de..57515b4a791c85d90169efe9f049d2a1ec70745c 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
@@ -91,6 +91,8 @@ void init_ssl(void) {
                abort();
     }
 
+       SSL_CTX_set_cipher_list(globals.ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+
        thread_setup();
 }