From: Anthony Minessale <anthm@freeswitch.org>
Date: Mon, 4 Mar 2013 21:16:18 +0000 (-0600)
Subject: omit weak ciphers to prevent hackage
X-Git-Tag: v1.5.1~336
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cc3e75fc625400018a8e7de4b0d70ceca5485485;p=thirdparty%2Ffreeswitch.git

omit weak ciphers to prevent hackage
---

diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index 0114190bd8..6335ac54bb 100644
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Wed Mar  6 12:57:17 CST 2013
+Wed Mar  6 13:01:54 CST 2013
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
index 75c11a67e0..616937d7e7 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
@@ -388,6 +388,8 @@ static int tport_ws_init_primary_secure(tport_primary_t *pri,
 	  goto done;
   }
 
+  SSL_CTX_set_cipher_list(wspri->ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+
   ret = tport_ws_init_primary(pri, tpn, ai, tags, return_culprit);
 
  done:
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
index f66dcc3016..57515b4a79 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
@@ -91,6 +91,8 @@ void init_ssl(void) {
 		abort();
     }
 
+	SSL_CTX_set_cipher_list(globals.ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+
 	thread_setup();
 }