Merge pull request #717 from jpnurmi/ssl-ciphers

Resolve #621: Config option for allowed SSL ciphers
2026-03-28 17:42:41 +01:00 · 2014-10-26 20:50:52 +00:00
parent 6509e26b89 3d57ccb738
commit 19b4dbdaba
3 changed files with 21 additions and 0 deletions
--- a/include/znc/znc.h
+++ b/include/znc/znc.h
@@ -127,6 +127,7 @@ public:
 	unsigned int GetServerThrottle() const { return m_sConnectThrottle.GetTTL() / 1000; }
 	unsigned int GetConnectDelay() const { return m_uiConnectDelay; }
 	bool GetProtectWebSessions() const { return m_bProtectWebSessions; }
+	CString GetSSLCiphers() const { return m_sSSLCiphers; }
 	// !Getters

 	// Static allocator
@@ -209,6 +210,7 @@ protected:
 	CString                m_sStatusPrefix;
 	CString                m_sPidFile;
 	CString                m_sSSLCertFile;
+	CString                m_sSSLCiphers;
 	VCString               m_vsBindHosts;
 	VCString               m_vsTrustedProxies;
 	VCString               m_vsMotd;
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@@ -16,14 +16,27 @@

 #include <znc/User.h>
 #include <znc/IRCNetwork.h>
+#include <znc/znc.h>
 #include <signal.h>

 CZNCSock::CZNCSock(int timeout) : Csock(timeout) {
 	DisableSSLProtocols(EDP_SSL);
+#ifdef HAVE_LIBSSL
+	CString sCipher = CZNC::Get().GetSSLCiphers();
+	if (!sCipher.empty()) {
+		SetCipher(sCipher);
+	}
+#endif
 }

 CZNCSock::CZNCSock(const CString& sHost, u_short port, int timeout) : Csock(sHost, port, timeout) {
 	DisableSSLProtocols(EDP_SSL);
+#ifdef HAVE_LIBSSL
+	CString sCipher = CZNC::Get().GetSSLCiphers();
+	if (!sCipher.empty()) {
+		SetCipher(sCipher);
+	}
+#endif
 }

 unsigned int CSockManager::GetAnonConnectionCount(const CString &sIP) const {
--- a/src/znc.cpp
+++ b/src/znc.cpp
@@ -475,6 +475,10 @@ bool CZNC::WriteConfig() {
 		config.AddKeyValuePair("StatusPrefix", m_sStatusPrefix.FirstLine());
 	}

+	if (!m_sSSLCiphers.empty()) {
+		config.AddKeyValuePair("SSLCiphers", CString(m_sSSLCiphers));
+	}
+
 	for (unsigned int m = 0; m < m_vsMotd.size(); m++) {
 		config.AddKeyValuePair("Motd", m_vsMotd[m].FirstLine());
 	}
@@ -1075,6 +1079,8 @@ bool CZNC::DoRehash(CString& sError)
 		m_sStatusPrefix = sVal;
 	if (config.FindStringEntry("sslcertfile", sVal))
 		m_sSSLCertFile = sVal;
+	if (config.FindStringEntry("sslciphers", sVal))
+		m_sSSLCiphers = sVal;
 	if (config.FindStringEntry("skin", sVal))
 		SetSkinName(sVal);
 	if (config.FindStringEntry("connectdelay", sVal))