diff options
author | erdgeist <de@gsmk.de> | 2014-05-07 16:52:59 +0200 |
---|---|---|
committer | erdgeist <de@gsmk.de> | 2014-05-07 16:52:59 +0200 |
commit | d2b1eba3f179c1c176bc52e9c539c43845a453c1 (patch) | |
tree | 938d01e8617d8153e75e222a09721cbeb2192954 | |
parent | 11ae08925e5c007eeadbaffc04a62e9d512d75c8 (diff) |
use version-independent cipherlist again
-rwxr-xr-x | vchat-ssl.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c index 91b25ba..73a56fa 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c | |||
@@ -74,10 +74,8 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store ) | |||
74 | SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); | 74 | SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); |
75 | if (getstroption(CF_CIPHERSUITE)) | 75 | if (getstroption(CF_CIPHERSUITE)) |
76 | SSL_CTX_set_cipher_list(ctx, getstroption(CF_CIPHERSUITE)); | 76 | SSL_CTX_set_cipher_list(ctx, getstroption(CF_CIPHERSUITE)); |
77 | else if( OPENSSL_VERSION_NUMBER < 0x10000000L ) | ||
78 | SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA"); | ||
79 | else | 77 | else |
80 | SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384"); | 78 | SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA"); |
81 | 79 | ||
82 | SSL_CTX_set_verify_depth (ctx, getintoption(CF_VERIFYSSL)); | 80 | SSL_CTX_set_verify_depth (ctx, getintoption(CF_VERIFYSSL)); |
83 | 81 | ||