Add ssl_set_arc4_support() Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting.

commit: bd47a58221f80c088275904040c95e68ab81cec8 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jan 12 13:43:29 2015 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Jan 13 13:03:06 2015 +0100
tree: 759fb3ab1f2ee72b7d021ce71e3a9a7cc3a15904
parent: 448ea506bf075c22680fc2d45477f78ceb11d8cf [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 01b0aca..d611920 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -847,6 +847,10 @@
         suite_info->max_minor_ver < ssl->minor_ver )
         return( 0 );
 
+    if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
+            suite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
+        return( 0 );
+
 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
     if( ssl_ciphersuite_uses_ec( suite_info ) &&
         ( ssl->handshake->curves == NULL ||
commit	bd47a58221f80c088275904040c95e68ab81cec8	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jan 12 13:43:29 2015 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Jan 13 13:03:06 2015 +0100
tree	759fb3ab1f2ee72b7d021ce71e3a9a7cc3a15904
parent	448ea506bf075c22680fc2d45477f78ceb11d8cf [diff] [blame]