Change cipher defaults

[ngircd-alex.git] / src / ngircd / conf.c

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 9ab66e54cf194b3c7afe68c90104d62e309e8ae1..9c2c912f1d126ee2282653c7ad85d9b2e9f1f91c 100644 (file)
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -93,6 +93,12 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server ));
 #define DEFAULT_LISTEN_ADDRSTR "0.0.0.0"
 #endif
 
+#ifdef HAVE_LIBSSL
+#define DEFAULT_CIPHERS                "HIGH:!aNULL:@STRENGTH"
+#endif
+#ifdef HAVE_LIBGNUTLS
+#define DEFAULT_CIPHERS                "SECURE128"
+#endif
 
 #ifdef SSL_SUPPORT
 
@@ -435,8 +441,8 @@ Conf_Test( void )
        puts("[SSL]");
        printf("  CertFile = %s\n", Conf_SSLOptions.CertFile
                                        ? Conf_SSLOptions.CertFile : "");
-       printf("  CipherList = %s\n", Conf_SSLOptions.CipherList
-                                       ? Conf_SSLOptions.CipherList : "");
+       printf("  CipherList = %s\n", Conf_SSLOptions.CipherList ?
+              Conf_SSLOptions.CipherList : DEFAULT_CIPHERS);
        printf("  DHFile = %s\n", Conf_SSLOptions.DHFile
                                        ? Conf_SSLOptions.DHFile : "");
        printf("  KeyFile = %s\n", Conf_SSLOptions.KeyFile
@@ -1032,6 +1038,10 @@ Read_Config(bool TestOnly, bool IsStarting)
        CheckFileReadable("CertFile", Conf_SSLOptions.CertFile);
        CheckFileReadable("DHFile", Conf_SSLOptions.DHFile);
        CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile);
+
+       /* Set the default ciphers if none were configured */
+       if (!Conf_SSLOptions.CipherList)
+               Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS);
 #endif
 
        return true;