diff options
| author | Tatsuya Kinoshita <tats@debian.org> | 2020-12-16 10:41:48 +0000 |
|---|---|---|
| committer | Tatsuya Kinoshita <tats@debian.org> | 2020-12-16 10:41:48 +0000 |
| commit | 892f37ee2a459c655168ca8f02043ae0ba6be624 (patch) | |
| tree | b2ef658125154f9a0ad5d544b061441b44ecbf4d | |
| parent | Update ChangeLog (diff) | |
| download | w3m-892f37ee2a459c655168ca8f02043ae0ba6be624.tar.gz w3m-892f37ee2a459c655168ca8f02043ae0ba6be624.zip | |
Use the default ciphers for OpenSSL 1.1 and later
cf. https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
https://src.fedoraproject.org/rpms/w3m/blob/36f14df378762a3a03a6a724583ca5b0ff618ed5/f/Fix-the-cipher-list-string-to-ensure-that-it-contain.patch
https://fedoraproject.org/wiki/Packaging:CryptoPolicies
| -rw-r--r-- | url.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -336,7 +336,9 @@ openSSLHandle(int sock, char *hostname, char **p_cert) #endif if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) goto eend; +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP"); +#endif option = SSL_OP_ALL; if (ssl_forbid_method) { if (strchr(ssl_forbid_method, '2')) |