Resolve #621: Config option for allowed SSL ciphers

In the global section, for example:

    SSLCiphers = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

https://www.openssl.org/docs/apps/ciphers.html
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers
J-P Nurmi
2014-10-26 14:49:38 +01:00
parent 4e79702142
commit 3d57ccb738
3 changed files with 21 additions and 0 deletions


@@ -16,14 +16,27 @@
#include <znc/User.h>
#include <znc/IRCNetwork.h>
#include <znc/znc.h>
#include <signal.h>
CZNCSock::CZNCSock(int timeout) : Csock(timeout) {
DisableSSLProtocols(EDP_SSL);
#ifdef HAVE_LIBSSL
CString sCipher = CZNC::Get().GetSSLCiphers();
if (!sCipher.empty()) {
SetCipher(sCipher);
}
#endif
}
CZNCSock::CZNCSock(const CString& sHost, u_short port, int timeout) : Csock(sHost, port, timeout) {
DisableSSLProtocols(EDP_SSL);
#ifdef HAVE_LIBSSL
CString sCipher = CZNC::Get().GetSSLCiphers();
if (!sCipher.empty()) {
SetCipher(sCipher);
}
#endif
}
unsigned int CSockManager::GetAnonConnectionCount(const CString &sIP) const {
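Review bot: In both constructors an empty `SSLCiphers` skips `SetCipher` entirely, so a config without the option keeps whatever cipher list the SSL library defaults to, and nothing in this hunk shows the configured string being validated before it reaches the socket. If that fallback is intended, say so next to the check, e.g. `// Empty SSLCiphers: keep the SSL library's default cipher list`. A typo in the option would presumably only surface when a TLS connection is set up, so validating the string once at config load (outside this hunk) would give the operator an early error. The same five lines appear in each constructor; a small private helper called from both would keep the listener and outgoing paths from drifting apart.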