From 100de3e4ccaab10524821d4262f6a8c3342224f8 Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Thu, 16 Oct 2014 13:42:24 +0200
Subject: Update "CipherList" to not enable SSLv3 by default

Idea, initial patch, and testing by Christoph Biedl
<ngircd.anoy@manchmal.in-ulm.de>
---
 src/ngircd/conf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 6692ecbb..5f8c3929 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -88,10 +88,10 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server ));
 #endif
 
 #ifdef HAVE_LIBSSL
-#define DEFAULT_CIPHERS		"HIGH:!aNULL:@STRENGTH"
+#define DEFAULT_CIPHERS		"HIGH:!aNULL:@STRENGTH:!SSLv3"
 #endif
 #ifdef HAVE_LIBGNUTLS
-#define DEFAULT_CIPHERS		"SECURE128"
+#define DEFAULT_CIPHERS		"SECURE128:-VERS-SSL3.0"
 #endif
 
 #ifdef SSL_SUPPORT
-- 
cgit 1.4.1