through this under load, and speeding up connection).
- IRCd now also sets the &me fd as being non blocking (wasn't before, that
was odd..)
+- Added set::ssl::server-cipher-list, #002368 requested by Beastie
unsigned mkpasswd_for_everyone:1;
unsigned allow_part_if_shunned:1;
unsigned check_target_nick_bans:1;
- unsigned use_egd;
+ unsigned use_egd : 1;
long host_timeout;
int host_retries;
char *name_server;
#ifdef USE_SSL
char *x_server_cert_pem;
char *x_server_key_pem;
+ char *x_server_cipher_list;
char *trusted_ca_file;
long ssl_options;
#elif defined(_WIN32)
- void *bogus1, *bogus2, *bogus3;
+ void *bogus1, *bogus2, *bogus3, *bogus5;
long bogus4;
#endif
enum UHAllowed userhost_allowed;
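Review bot: The `#elif defined(_WIN32)` branch gains `bogus5` with no comment explaining what the placeholders are for. They appear to keep the struct the same size and layout as the USE_SSL build (four pointers followed by a long on both sides after this change), which the next person adding an SSL member has to know. A one-line comment above that branch, such as `/* placeholders: must match the USE_SSL members above in count and type */`, would record the rule. The struct definition starts and ends outside the hunk.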
unsigned has_mkpasswd_for_everyone:1;
unsigned has_allow_part_if_shunned:1;
unsigned has_ssl_egd:1;
+ unsigned has_ssl_server_cipher_list :1;
unsigned has_dns_timeout:1;
unsigned has_dns_retries:1;
unsigned has_dns_nameserver:1;
#ifdef USE_SSL
ircfree(i->x_server_cert_pem);
ircfree(i->x_server_key_pem);
+ ircfree(i->x_server_cipher_list);
ircfree(i->trusted_ca_file);
#endif
ircfree(i->restrict_usermodes);
if (cepp->ce_vardata)
tempiConf.egd_path = strdup(cepp->ce_vardata);
}
+ else if (!strcmp(cepp->ce_varname, "server-cipher-list"))
+ {
+ ircstrdup(tempiConf.x_server_cipher_list, cepp->ce_vardata);
+ }
else if (!strcmp(cepp->ce_varname, "certificate"))
{
ircstrdup(tempiConf.x_server_cert_pem, cepp->ce_vardata);
if (!strcmp(cepp->ce_varname, "egd")) {
CheckDuplicate(cep, ssl_egd, "ssl::egd");
}
+ else if (!strcmp(cepp->ce_varname, "server-cipher-list"))
+ {
+ CheckNull(cepp);
+ CheckDuplicate(cep, ssl_server_cipher_list, "ssl:server-cipher-list");
+ }
else if (!strcmp(cepp->ce_varname, "certificate"))
{
CheckNull(cepp);
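Review bot: The duplicate-check label `"ssl:server-cipher-list"` is written with a single colon, while the neighbouring entry uses `"ssl::egd"` and the changelog names the directive `set::ssl::server-cipher-list`. Any message built from this label will therefore show a misspelled directive path; the line should read `CheckDuplicate(cep, ssl_server_cipher_list, "ssl::server-cipher-list");`. Separately, this test rejects only an empty or repeated value, so a cipher string that OpenSSL cannot use is not reported at config-test time and only surfaces when the server context is built. The surrounding if/else chain continues outside the hunk.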
mylog("Failed to check SSL private key");
goto fail;
}
+ if (iConf.x_server_cipher_list)
+ {
+ if (SSL_CTX_set_cipher_list(ctx_server, iConf.x_server_cipher_list) == 0)
+ {
+ mylog("Failed to set SSL cipher list for clients");
+ goto fail;
+ }
+ }
if (iConf.trusted_ca_file)
{
if (!SSL_CTX_load_verify_locations(ctx_server, iConf.trusted_ca_file, NULL))
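Review bot: The new `SSL_CTX_set_cipher_list` check only proves that at least one cipher in the operator's string is usable, because OpenSSL returns success in that case. A partly mistyped list, or one that admits NULL, anonymous or export suites, is therefore accepted silently. I would add a comment above the call, `/* succeeds if any one cipher matches; does not vet the strength of the configured list */`, and state the same caveat wherever the directive is documented. The failure message "Failed to set SSL cipher list for clients" also omits the rejected string, which the log line should carry if `mylog` takes format arguments (its signature is not visible here). The enclosing function starts and ends outside the hunk.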