From f0f51d75c160baeb212090940ec1dc35af9bd565 Mon Sep 17 00:00:00 2001

From: Todd Zullinger <tmz@pobox.com>

Date: Sun, 26 Aug 2018 01:31:13 -0400

Subject: [PATCH] Use system-wide crypto policy

Reference: https://fedoraproject.org/wiki/Packaging:CryptoPolicies

---

 src/Socket.cpp | 17 +++--------------

 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/src/Socket.cpp b/src/Socket.cpp

index fa510462..e40c76ea 100644

--- a/src/Socket.cpp

+++ b/src/Socket.cpp

@@ -28,21 +28,10 @@

 #endif

 #ifdef HAVE_LIBSSL

-// Copypasted from

-// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

-// at 2018-04-01

+// Use system-wide crypto policy

+// https://fedoraproject.org/wiki/Packaging:CryptoPolicies

 static CString ZNC_DefaultCipher() {

-    return "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-"

-           "ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-"

-           "AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-"

-           "SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-"

-           "RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:"

-           "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-"

-           "SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:"

-           "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:"

-           "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:"

-           "AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-"

-           "SHA:DES-CBC3-SHA:!DSS";

+    return "PROFILE=SYSTEM";

 }

 #endif

-- 

2.19.0.rc0