Change cipher defaults
[ngircd-alex.git] / src / ngircd / conf.c
index b10f4905c9ec7befb08b5b5717cc6397cc48bea9..9c2c912f1d126ee2282653c7ad85d9b2e9f1f91c 100644 (file)
@@ -93,6 +93,12 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server ));
 #define DEFAULT_LISTEN_ADDRSTR "0.0.0.0"
 #endif
 
+#ifdef HAVE_LIBSSL
+#define DEFAULT_CIPHERS                "HIGH:!aNULL:@STRENGTH"
+#endif
+#ifdef HAVE_LIBGNUTLS
+#define DEFAULT_CIPHERS                "SECURE128"
+#endif
 
 #ifdef SSL_SUPPORT
 
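Review bot: The two `DEFAULT_CIPHERS` strings carry the server's default TLS policy, but nothing says what they select or that they use different syntaxes for each library. I would add above them `/* Default cipher selection: an OpenSSL cipher list or a GnuTLS priority string; can be overridden with "CipherList" in [SSL]. */`. The macro is defined under `HAVE_LIBSSL` / `HAVE_LIBGNUTLS`, while the code that follows is guarded by `SSL_SUPPORT`. If a build can ever set both library macros, or neither while `SSL_SUPPORT` is defined, an `#elif` / `#error` chain would turn that into a clear compile-time message instead of a redefinition or an undefined macro.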
@@ -117,6 +123,9 @@ ConfSSL_Init(void)
        array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
 
        array_free(&Conf_SSLOptions.ListenPorts);
+
+       free(Conf_SSLOptions.CipherList);
+       Conf_SSLOptions.CipherList = NULL;
 }
 
 /**
@@ -432,6 +441,8 @@ Conf_Test( void )
        puts("[SSL]");
        printf("  CertFile = %s\n", Conf_SSLOptions.CertFile
                                        ? Conf_SSLOptions.CertFile : "");
+       printf("  CipherList = %s\n", Conf_SSLOptions.CipherList ?
+              Conf_SSLOptions.CipherList : DEFAULT_CIPHERS);
        printf("  DHFile = %s\n", Conf_SSLOptions.DHFile
                                        ? Conf_SSLOptions.DHFile : "");
        printf("  KeyFile = %s\n", Conf_SSLOptions.KeyFile
@@ -1027,6 +1038,10 @@ Read_Config(bool TestOnly, bool IsStarting)
        CheckFileReadable("CertFile", Conf_SSLOptions.CertFile);
        CheckFileReadable("DHFile", Conf_SSLOptions.DHFile);
        CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile);
+
+       /* Set the default ciphers if none were configured */
+       if (!Conf_SSLOptions.CipherList)
+               Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS);
 #endif
 
        return true;
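Review bot: The result of `strdup_warn(DEFAULT_CIPHERS)` is not checked, so if the allocation fails `CipherList` stays NULL and Read_Config still reaches `return true`. The TLS setup code is not visible here, but if it treats NULL as "use the library's built-in ciphers", the server would run with a different policy than `DEFAULT_CIPHERS` without any hard failure. Consider failing the load with `if (!Conf_SSLOptions.CipherList) return false;` after the assignment, or have the consumer fall back to `DEFAULT_CIPHERS` on NULL the way the Conf_Test hunk does. Read_Config's body starts outside this hunk.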
@@ -1869,6 +1884,11 @@ Handle_SSL(const char *File, int Line, char *Var, char *Arg)
                ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg);
                return;
        }
+       if (strcasecmp(Var, "CipherList") == 0) {
+               assert(Conf_SSLOptions.CipherList == NULL);
+               Conf_SSLOptions.CipherList = strdup_warn(Arg);
+               return;
+       }
 
        Config_Error_Section(File, Line, Var, "SSL");
 }
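Review bot: `assert(Conf_SSLOptions.CipherList == NULL)` is used to check configuration-file input. A second `CipherList` line in the [SSL] section would abort the daemon in builds with assertions enabled and leak the first string under NDEBUG, unless duplicates are rejected before Handle_SSL is reached (not visible here). Replacing the assert with `free(Conf_SSLOptions.CipherList);` ahead of the `strdup_warn(Arg)` assignment lets the last value win and avoids both outcomes. Handle_SSL's body begins outside the hunk.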