Allow specifying cipher suites instead of single ciphers (#343)

* Allow specifying cipher suites instead of single ciphers. CipherName now specifies all cipher suites instead of the preferred cipher. This allows insecure ciphers like RC4 to be permanently disabled, instead of being the default fallback when the preferred cipher is unsupported. CipherName is now left for OpenSSL to verify. Should it be invalid, a secure default is used. The default CipherName setting for new servers is one such invalid string: "~DEFAULT~". This allows for future updates to change the default and the servers can stay secure. * Remove unused temporary variable.
2025-07-07 08:14:58 +03:00 · 2018-02-07 15:13:41 -08:00
parent 8cafa07d9c
commit 56c4582da8
5 changed files with 9 additions and 43 deletions
--- a/src/Cedar/Server.c
+++ b/src/Cedar/Server.c
@ -6054,10 +6054,7 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
 		if (CfgGetStr(f, "CipherName", tmp, sizeof(tmp)))
 		{
 			StrUpper(tmp);
-			if (CheckCipherListName(tmp))
-			{
-				SetCedarCipherList(c, tmp);
-			}
+			SetCedarCipherList(c, tmp);
 		}

 		// Traffic information