New option ssl_cipher to specify ciphers for TLSv1.2 and below

author: Tatsuya Kinoshita <tats@debian.org> 2021-02-10 10:20:37 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2021-02-10 11:01:56 +0000
commit: c01675d34288018e46d8b92aacacac4151a85d8f (patch)
tree: 56a06ebbb3bd787682a429bee9313883117d49ae /url.c
parent: Update ChangeLog (diff)
download: w3m-c01675d34288018e46d8b92aacacac4151a85d8f.tar.gz
w3m-c01675d34288018e46d8b92aacacac4151a85d8f.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/url.c b/url.c
index 5cb171d..c7eeb16 100644
--- a/url.c
+++ b/url.c
@@ -336,9 +336,11 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 #endif
 	if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
 	    goto eend;
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-	SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
-#endif
+	if (ssl_cipher && *ssl_cipher != '\0')
+	    if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) {
+		free_ssl_ctx();
+		goto eend;
+	    }
 	option = SSL_OP_ALL;
 	if (ssl_forbid_method) {
 	    if (strchr(ssl_forbid_method, '2'))
author	Tatsuya Kinoshita <tats@debian.org>	2021-02-10 10:20:37 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2021-02-10 11:01:56 +0000
commit	c01675d34288018e46d8b92aacacac4151a85d8f (patch)
tree	56a06ebbb3bd787682a429bee9313883117d49ae /url.c
parent	Update ChangeLog (diff)
download	w3m-c01675d34288018e46d8b92aacacac4151a85d8f.tar.gz w3m-c01675d34288018e46d8b92aacacac4151a85d8f.zip