#define DEFAULT_LISTEN_ADDRSTR "0.0.0.0"
#endif
+#ifdef HAVE_LIBSSL
+#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH"
+#endif
+#ifdef HAVE_LIBGNUTLS
+#define DEFAULT_CIPHERS "SECURE128"
+#endif
#ifdef SSL_SUPPORT
array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
array_free(&Conf_SSLOptions.ListenPorts);
+
+ free(Conf_SSLOptions.CipherList);
+ Conf_SSLOptions.CipherList = NULL;
}
/**
printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4));
#endif
+ printf(" DefaultUserModes = %s\n", Conf_DefaultUserModes);
printf(" DNS = %s\n", yesno_to_str(Conf_DNS));
#ifdef IDENT
printf(" Ident = %s\n", yesno_to_str(Conf_Ident));
puts("[SSL]");
printf(" CertFile = %s\n", Conf_SSLOptions.CertFile
? Conf_SSLOptions.CertFile : "");
+ printf(" CipherList = %s\n", Conf_SSLOptions.CipherList ?
+ Conf_SSLOptions.CipherList : DEFAULT_CIPHERS);
printf(" DHFile = %s\n", Conf_SSLOptions.DHFile
? Conf_SSLOptions.DHFile : "");
printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile
#else
Conf_ConnectIPv6 = false;
#endif
+ strcpy(Conf_DefaultUserModes, "");
Conf_DNS = true;
#ifdef IDENTAUTH
Conf_Ident = true;
CheckFileReadable("CertFile", Conf_SSLOptions.CertFile);
CheckFileReadable("DHFile", Conf_SSLOptions.DHFile);
CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile);
+
+ /* Set the default ciphers if none were configured */
+ if (!Conf_SSLOptions.CipherList)
+ Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS);
#endif
return true;
Conf_ConnectIPv4 = Check_ArgIsTrue(Arg);
return;
}
+ if (strcasecmp(Var, "DefaultUserModes") == 0) {
+ p = Arg;
+ Conf_DefaultUserModes[0] = '\0';
+ while (*p) {
+ if (strchr(Conf_DefaultUserModes, *p)) {
+ /* Mode is already included; ignore it */
+ p++;
+ continue;
+ }
+
+ if (strchr(USERMODES, *p)) {
+ len = strlen(Conf_DefaultUserModes) + 1;
+ assert(len < sizeof(Conf_DefaultUserModes));
+ Conf_DefaultUserModes[len - 1] = *p;
+ Conf_DefaultUserModes[len] = '\0';
+ } else {
+ Config_Error(LOG_WARNING,
+ "%s, line %d: Unknown user mode \"%c\" in \"DefaultUserModes\"!",
+ File, Line, *p);
+ }
+ p++;
+ }
+ return;
+ }
if (strcasecmp(Var, "DNS") == 0) {
Conf_DNS = Check_ArgIsTrue(Arg);
return;
ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg);
return;
}
+ if (strcasecmp(Var, "CipherList") == 0) {
+ assert(Conf_SSLOptions.CipherList == NULL);
+ Conf_SSLOptions.CipherList = strdup_warn(Arg);
+ return;
+ }
Config_Error_Section(File, Line, Var, "SSL");
}