#define DEFAULT_LISTEN_ADDRSTR "0.0.0.0"
#endif
+#ifdef HAVE_LIBSSL
+#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH"
+#endif
+#ifdef HAVE_LIBGNUTLS
+#define DEFAULT_CIPHERS "SECURE128"
+#endif
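Review bot: The two `DEFAULT_CIPHERS` definitions sit in independent `#ifdef` blocks, so a build that defines both HAVE_LIBSSL and HAVE_LIBGNUTLS would redefine the macro with a different value, and a build with SSL_SUPPORT but neither would leave it undefined where the later hunks use it. Whether the build system makes these mutually exclusive is not visible here; chaining the second block as `#elif defined(HAVE_LIBGNUTLS)` would make the intent explicit. A short comment would also help, e.g. `/* OpenSSL cipher list / GnuTLS priority string used when CipherList is not configured */`. It could add that what `HIGH` expands to depends on the linked OpenSSL version, so the effective default changes with the library.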
#ifdef SSL_SUPPORT
puts("[SSL]");
printf(" CertFile = %s\n", Conf_SSLOptions.CertFile
? Conf_SSLOptions.CertFile : "");
- printf(" CipherList = %s\n", Conf_SSLOptions.CipherList
- ? Conf_SSLOptions.CipherList : "");
+ printf(" CipherList = %s\n", Conf_SSLOptions.CipherList ?
+ Conf_SSLOptions.CipherList : DEFAULT_CIPHERS);
printf(" DHFile = %s\n", Conf_SSLOptions.DHFile
? Conf_SSLOptions.DHFile : "");
printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile
/* "Short" connection, enforce "ConnectRetry"
* but randomize it a little bit: 15 seconds. */
Conf_Server[i].lasttry =
+#ifdef HAVE_ARC4RANDOM
+ t + (arc4random() % 15);
+#else
t + rand() / (RAND_MAX / 15);
+#endif
}
}
}
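Review bot: The two branches of the new `#ifdef HAVE_ARC4RANDOM` do not produce the same range. `arc4random() % 15` yields 0–14, while `rand() / (RAND_MAX / 15)` can reach 15 for values of rand() close to RAND_MAX, because the divisor is truncated. The retry jitter therefore differs by platform, and the comment's "15 seconds" does not say which bound is meant. If arc4random_uniform() is available wherever HAVE_ARC4RANDOM is set (not visible here), `t + arc4random_uniform(15);` removes the modulo and states the bound directly, and the fallback could become `t + rand() % 15;` to match. The enclosing loop and function start outside this hunk.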
CheckFileReadable("CertFile", Conf_SSLOptions.CertFile);
CheckFileReadable("DHFile", Conf_SSLOptions.DHFile);
CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile);
+
+ /* Set the default ciphers if none were configured */
+ if (!Conf_SSLOptions.CipherList)
+ Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS);
#endif
return true;
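Review bot: The result of `strdup_warn(DEFAULT_CIPHERS)` is stored without a check, and the function goes on to `return true`. If strdup_warn() can return NULL on allocation failure (its definition is not in this hunk), CipherList stays NULL and the TLS setup that reads it later would not apply the intended default. Failing validation closes that gap, e.g. `if (!Conf_SSLOptions.CipherList) return false;` right after the assignment, assuming callers treat false as a configuration error. The function body starts outside the hunk, so the exact return convention should be confirmed there.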