From cd804d8e188fc924f5029b2def4d0a78ac7738bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Wed, 26 Jan 2011 18:15:54 +0100
Subject: [PATCH] Protocols.HTTP.Query: Filter weak SSL-ciphers rather than
 list strong.

---
 lib/modules/Protocols.pmod/HTTP.pmod/Query.pike | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/lib/modules/Protocols.pmod/HTTP.pmod/Query.pike b/lib/modules/Protocols.pmod/HTTP.pmod/Query.pike
index 6d7ece2888..5249d0491d 100644
--- a/lib/modules/Protocols.pmod/HTTP.pmod/Query.pike
+++ b/lib/modules/Protocols.pmod/HTTP.pmod/Query.pike
@@ -196,18 +196,11 @@ protected void connect(string server,int port,int blocking)
      // Create a context
      SSL.context context = SSL.context();
      // Allow only strong crypto
-     context->preferred_suites = ({
-       //Strong ciphersuites.
-       SSL_rsa_with_idea_cbc_sha,
-       SSL_rsa_with_rc4_128_sha,
-       SSL_rsa_with_rc4_128_md5,
-       SSL_rsa_with_3des_ede_cbc_sha,
-#if 0
+     context->preferred_suites -= ({
        //Weaker ciphersuites.
        SSL_rsa_export_with_rc4_40_md5,
        SSL_rsa_export_with_rc2_cbc_40_md5,
        SSL_rsa_export_with_des40_cbc_sha,
-#endif /* 0 */
      });
      context->random = Crypto.Random.random_string;
 
-- 
GitLab