summary refs log tree commit diff
path: root/gnu/packages/patches/w3m-disable-weak-ciphers.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/w3m-disable-weak-ciphers.patch')
-rw-r--r--gnu/packages/patches/w3m-disable-weak-ciphers.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/gnu/packages/patches/w3m-disable-weak-ciphers.patch b/gnu/packages/patches/w3m-disable-weak-ciphers.patch
new file mode 100644
index 0000000000..4780d54cb6
--- /dev/null
+++ b/gnu/packages/patches/w3m-disable-weak-ciphers.patch
@@ -0,0 +1,24 @@
+Subject: Disable weak ciphers
+
+Disable RC4, "export ciphers", and all keys < 128 bits.
+
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
+---
+ url.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/url.c b/url.c
+index ed6062e..e86b1f3 100644
+--- a/url.c
++++ b/url.c
+@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
+ 	SSL_load_error_strings();
+ 	if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
+ 	    goto eend;
++	SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
+ 	option = SSL_OP_ALL;
+ 	if (ssl_forbid_method) {
+ 	    if (strchr(ssl_forbid_method, '2'))
+-- 
+2.6.4
+