From 0eee93c85b7ebe0778c525baa36f368799c4390c Mon Sep 17 00:00:00 2001
From: Piotr Sikora <piotr@cloudflare.com>
Date: Tue, 21 Jan 2014 19:58:04 -0800
Subject: [PATCH] Disable RC4 for TLS v1.1+ (server-side).

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
---
 ssl/s3_lib.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c4ef273..ecd7682 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3816,6 +3816,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 			(TLS1_get_version(s) < TLS1_2_VERSION))
 			continue;
 
+		/* Disable RC4 for TLS v1.1+ */
+		if ((c->algorithm_enc == SSL_RC4) &&
+			(TLS1_get_version(s) >= TLS1_1_VERSION))
+			continue;
+
 		ssl_set_cert_masks(cert,c);
 		mask_k = cert->mask_k;
 		mask_a = cert->mask_a;
-- 
1.8.4.3