Disable RC4.

author Simon Ruderich <simon@ruderich.org>

Mon, 6 Jan 2014 00:50:42 +0000 (01:50 +0100)

committer Simon Ruderich <simon@ruderich.org>

Mon, 6 Jan 2014 00:50:42 +0000 (01:50 +0100)
author Simon Ruderich <simon@ruderich.org>
Mon, 6 Jan 2014 00:50:42 +0000 (01:50 +0100)
committer Simon Ruderich <simon@ruderich.org>
Mon, 6 Jan 2014 00:50:42 +0000 (01:50 +0100)
diff --git a/src/tlsproxy.h b/src/tlsproxy.h

index 7bd573b5fb2dc0dfb2a603969f6ecd112f919d0e..af58ff24dfadc32ebc338fa9f1e6885b64317b70 100644 (file)
--- a/src/tlsproxy.h
+++ b/src/tlsproxy.h
@@ -57,6 +57,8 @@
      "SECURE" \
      /* Lower priority of SHA-1, user better hashes if possible. */ \
      ":-SHA1:+SHA1" \
+    /* No RC4, it's broken. */ \
+    ":-ARCFOUR-40:-ARCFOUR-128" \
      /* Force safe renegotiations. Shouldn't cause any problems as this \
       * option only affects the server side (with GnuTLS defaults) and the \
       * local clients most-likely already support safe renegotiations (old \
author	Simon Ruderich <simon@ruderich.org>
	Mon, 6 Jan 2014 00:50:42 +0000 (01:50 +0100)
committer	Simon Ruderich <simon@ruderich.org>
	Mon, 6 Jan 2014 00:50:42 +0000 (01:50 +0100)