From 892f37ee2a459c655168ca8f02043ae0ba6be624 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Wed, 16 Dec 2020 19:41:48 +0900
Subject: Use the default ciphers for OpenSSL 1.1 and later

cf. https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
    https://src.fedoraproject.org/rpms/w3m/blob/36f14df378762a3a03a6a724583ca5b0ff618ed5/f/Fix-the-cipher-list-string-to-ensure-that-it-contain.patch
    https://fedoraproject.org/wiki/Packaging:CryptoPolicies
---
 url.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'url.c')

diff --git a/url.c b/url.c
index 618f168..5cb171d 100644
--- a/url.c
+++ b/url.c
@@ -336,7 +336,9 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 #endif
 	if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
 	    goto eend;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
 	SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
+#endif
 	option = SSL_OP_ALL;
 	if (ssl_forbid_method) {
 	    if (strchr(ssl_forbid_method, '2'))
-- 
cgit v1.2.3