commit 100de3e4ccaab10524821d4262f6a8c3342224f8
Author: Alexander Barton 
Date:   Thu Oct 16 13:42:24 2014 +0200

    Update "CipherList" to not enable SSLv3 by default

    Idea, initial patch, and testing by Christoph Biedl
    

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 1d07822c5b405e748af8da30f13c397837afa8fc..
index ..b5db1d9e1edffa5af2070dfc27bf9fa990590ce6 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -259,9 +259,9 @@
 	# See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init'
 	# (GnuTLS) for details.
 	# For OpenSSL:
-	;CipherList = HIGH:!aNULL:@STRENGTH
+	;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
 	# For GnuTLS:
-	;CipherList = SECURE128
+	;CipherList = SECURE128:-VERS-SSL3.0

 	# Diffie-Hellman parameters
 	;DHFile = :ETCDIR:/ssl/dhparams.pem
diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 9b2ed08259b3e0ea2b2fd95c3f6ad5a7382e00e6..
index ..0d57f902d46c4b5a0fb5f8cc3651a4030694554b 100644
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -1,7 +1,7 @@
 .\"
 .\" ngircd.conf(5) manual page template
 .\"
-.TH ngircd.conf 5 "Jan 2014" ngIRCd "ngIRCd Manual"
+.TH ngircd.conf 5 "Oct 2014" ngIRCd "ngIRCd Manual"
 .SH NAME
 ngircd.conf \- configuration file of ngIRCd
 .SH SYNOPSIS
@@ -375,7 +375,7 @@ SSL Certificate file of the private server key.
 .TP
 \fBCipherList\fR (string)
 Select cipher suites allowed for SSL/TLS connections.  This defaults to
-"HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
+"HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) or "SECURE128:-VERS-SSL3.0" (GnuTLS).
 Please see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
 (GnuTLS) for details.
 .TP
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 6692ecbbdd8b5f8bb21f981fec5981acfb21e3a9..
index ..5f8c392976d2c377e4d35e6799ec81936916c4b4 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -88,10 +88,10 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server ));
 #endif

 #ifdef HAVE_LIBSSL
-#define DEFAULT_CIPHERS		"HIGH:!aNULL:@STRENGTH"
+#define DEFAULT_CIPHERS		"HIGH:!aNULL:@STRENGTH:!SSLv3"
 #endif
 #ifdef HAVE_LIBGNUTLS
-#define DEFAULT_CIPHERS		"SECURE128"
+#define DEFAULT_CIPHERS		"SECURE128:-VERS-SSL3.0"
 #endif

 #ifdef SSL_SUPPORT
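Review bot: In the OpenSSL `DEFAULT_CIPHERS` line, `!SSLv3` is a cipher-suite selector, not a protocol switch: it removes every suite OpenSSL tags as SSLv3, and those are the same suites TLS 1.0 and TLS 1.1 negotiate, so clients without TLS 1.2 will probably fail the handshake too. The exclusion also exists only in the default string, so a site that sets its own `CipherList` (the man page says the value "defaults to" this) presumably does not get it. Disabling the protocol where the SSL context is created, which this diff does not show, would cover both cases, e.g. `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, and a comment above the define such as `/* !SSLv3 drops SSLv3-era suites, which also excludes TLS 1.0/1.1 clients */` would record the side effect. The GnuTLS string `-VERS-SSL3.0` does disable the protocol version itself; the same two strings are repeated in the sample-config and man-page hunks.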

-----END OF PAGE-----