m_ssl_openssl: Allow the list of available ciphers to be customized.

This patch was contributed almost 10 months ago via IRC, by spender.
author: Robby- <robbyke@gmail.com> 2012-06-27 20:49:37 +0200
committer: Robby- <robbyke@gmail.com> 2012-06-27 20:49:37 +0200
commit: 230f6f87aec8b1e0920091c44f149fdc3fced377 (patch)
tree: 5b7ae40448e7198fc7f8467f79d87ae92dc7ada2 /src/modules/extra
parent: 0525ed7d57eff97b0063961d0d8e6add64f697b0 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 6413c89f6..fa9442a00 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -198,6 +198,13 @@ class ModuleSSLOpenSSL : public Module
 			throw ModuleException("Unknown hash type " + hash);
 		use_sha = (hash == "sha1");
 
+		std::string ciphers = conf->getString("ciphers", "ALL");
+		if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str())))
+		{
+			ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str());
+			ERR_print_errors_cb(error_callback, this);
+		}
+
 
 		/* Load our keys and certificates
 		 * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck.
author	Robby- <robbyke@gmail.com>	2012-06-27 20:49:37 +0200
committer	Robby- <robbyke@gmail.com>	2012-06-27 20:49:37 +0200
commit	230f6f87aec8b1e0920091c44f149fdc3fced377 (patch)
tree	5b7ae40448e7198fc7f8467f79d87ae92dc7ada2 /src/modules/extra
parent	0525ed7d57eff97b0063961d0d8e6add64f697b0 (diff)