From 0525ed7d57eff97b0063961d0d8e6add64f697b0 Mon Sep 17 00:00:00 2001
From: Robby- <robbyke@gmail.com>
Date: Wed, 27 Jun 2012 20:49:17 +0200
Subject: m_ssl_openssl: Show the SSL cipher used after connecting. Previously
 only a fingerprint was shown when one was available, else nothing was shown
 at all.

---
 src/modules/extra/m_ssl_openssl.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/modules/extra')

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 0a5a76792..6413c89f6 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -262,8 +262,10 @@ class ModuleSSLOpenSSL : public Module
 			if (sessions[user->eh.GetFd()].sess)
 			{
 				if (!sessions[user->eh.GetFd()].cert->fingerprint.empty())
-					user->WriteServ("NOTICE %s :*** You are connected using SSL fingerprint %s",
-						user->nick.c_str(), sessions[user->eh.GetFd()].cert->fingerprint.c_str());
+					user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\""
+						" and your SSL fingerprint is %s", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess), sessions[user->eh.GetFd()].cert->fingerprint.c_str());
+				else
+					user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess));
 			}
 		}
 	}
-- 
cgit v1.2.3


From 230f6f87aec8b1e0920091c44f149fdc3fced377 Mon Sep 17 00:00:00 2001
From: Robby- <robbyke@gmail.com>
Date: Wed, 27 Jun 2012 20:49:37 +0200
Subject: m_ssl_openssl: Allow the list of available ciphers to be customized.
 This patch was contributed almost 10 months ago via IRC, by spender.

---
 src/modules/extra/m_ssl_openssl.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/modules/extra')

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 6413c89f6..fa9442a00 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -198,6 +198,13 @@ class ModuleSSLOpenSSL : public Module
 			throw ModuleException("Unknown hash type " + hash);
 		use_sha = (hash == "sha1");
 
+		std::string ciphers = conf->getString("ciphers", "ALL");
+		if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str())))
+		{
+			ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str());
+			ERR_print_errors_cb(error_callback, this);
+		}
+
 
 		/* Load our keys and certificates
 		 * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck.
-- 
cgit v1.2.3