From 0eee93c85b7ebe0778c525baa36f368799c4390c Mon Sep 17 00:00:00 2001
From: Piotr Sikora
Date: Tue, 21 Jan 2014 19:58:04 -0800
Subject: [PATCH] Disable RC4 for TLS v1.1+ (server-side).

Signed-off-by: Piotr Sikora
---
 ssl/s3_lib.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c4ef273..ecd7682 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3816,6 +3816,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 (TLS1_get_version(s) < TLS1_2_VERSION))
 continue;

+ /* Disable RC4 for TLS v1.1+ */
+ if ((c->algorithm_enc == SSL_RC4) &&
+ (TLS1_get_version(s) >= TLS1_1_VERSION))
+ continue;
+
 ssl_set_cert_masks(cert,c);
 mask_k = cert->mask_k;
 mask_a = cert->mask_a;
-- 
1.8.4.3
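Review bot: The added `continue` in ssl3_choose_cipher skips RC4 for TLS 1.1+ unconditionally, so an RC4 suite that the administrator explicitly placed in the server cipher list is silently ignored, and a TLS 1.1+ client whose only shared suites are RC4 would presumably end up with no shared cipher. If that is the intent, the comment should state the reason and the consequence rather than restate the condition, for example `/* RC4 is tolerated only as the non-CBC option for TLS 1.0 and below; skip it for TLS 1.1+ even when configured */` (assuming that is the rationale). RC4 remains selectable whenever the negotiated version is below TLS 1.1, so this check relies on the client not falling back to an older protocol version; removing RC4 from the configured cipher string is still the only way to exclude it entirely. The selection loop and the rest of the function lie outside the hunk, so how the no-match case is reported cannot be confirmed from here.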