From dbc3ecdd3db68d50165e3b25c17be769eb90468e Mon Sep 17 00:00:00 2001
From: Marcel Poul <marcel.poul@cern.ch>
Date: Tue, 11 Dec 2012 17:59:04 +0000
Subject: [PATCH] fixed vulnerability reported in EGI RT ticket #4781 1);
 SSL_CTX_set_cipher_list(ssl_ctx, "ALL"); set to chosen ciphers.

---
 emi.canl.canl-c/src/canl_ssl.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index aa02051..9221334 100644
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -87,8 +87,7 @@ ssl_initialize(glb_ctx *cc)
     if (ca_cert_dirn)
         free(ca_cert_dirn);
 
-    //err = SSL_CTX_set_cipher_list(ssl_ctx, "ALL:!LOW:!EXP:!MD5:!MD2");
-    err = SSL_CTX_set_cipher_list(ssl_ctx, "ALL");
+    err = SSL_CTX_set_cipher_list(ssl_ctx, "ALL:!LOW:!EXP:!MD5:!MD2");
     if (!err) {
         err = set_error(cc, ERR_get_error(), SSL_ERROR,
                 "Error setting cipher list");
-- 
1.8.2.3