guix/gnu/packages/patches/w3m-disable-weak-ciphers.patch
Leo Famulari 62339e2d49 gnu: w3m: Enable SSL, disable broken protocols and ciphers.
Fixes <http://bugs.gnu.org/16791>.

* gnu/packages/patches/w3m-force-ssl_verify_server-on.patch: New file.
* gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch: New file.
* gnu/packages/patches/w3m-disable-weak-ciphers.patch: New file.
* gnu/packages/w3m.scm (w3m)[source]: Add patches.
* gnu-system.am (dist_patch_DATA): Add the new files.
2016-01-07 02:35:38 -05:00

25 lines
631 B
Diff

Subject: Disable weak ciphers
Disable RC4, "export ciphers", and all keys < 128 bits.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
---
url.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/url.c b/url.c
index ed6062e..e86b1f3 100644
--- a/url.c
+++ b/url.c
@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
SSL_load_error_strings();
if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
goto eend;
+ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
option = SSL_OP_ALL;
if (ssl_forbid_method) {
if (strchr(ssl_forbid_method, '2'))
--
2.6.4