|
 |
bdaebd |
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
|
|
|
bdaebd |
index 4cfd2d0..6ac55bd 100644
|
|
|
bdaebd |
--- a/modules/ssl/ssl_engine_config.c
|
|
|
bdaebd |
+++ b/modules/ssl/ssl_engine_config.c
|
|
|
bdaebd |
@@ -776,9 +776,11 @@ const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
|
|
|
bdaebd |
}
|
|
|
bdaebd |
|
|
|
bdaebd |
if (!strcmp("SSL", arg1)) {
|
|
|
bdaebd |
- /* always disable null and export ciphers */
|
|
|
bdaebd |
- arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
bdaebd |
if (cmd->path) {
|
|
|
bdaebd |
+ /* Disable null and export ciphers by default, except for PROFILE=
|
|
|
bdaebd |
+ * configs where the parser doesn't cope. */
|
|
|
bdaebd |
+ if (strncmp(arg2, "PROFILE=", 8) != 0)
|
|
|
bdaebd |
+ arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
bdaebd |
dc->szCipherSuite = arg2;
|
|
|
bdaebd |
}
|
|
|
bdaebd |
else {
|
|
|
bdaebd |
@@ -1542,8 +1544,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *cmd,
|
|
|
bdaebd |
}
|
|
|
bdaebd |
|
|
|
bdaebd |
if (!strcmp("SSL", arg1)) {
|
|
|
bdaebd |
- /* always disable null and export ciphers */
|
|
|
bdaebd |
- arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
bdaebd |
+ /* Disable null and export ciphers by default, except for PROFILE=
|
|
|
bdaebd |
+ * configs where the parser doesn't cope. */
|
|
|
bdaebd |
+ if (strncmp(arg2, "PROFILE=", 8) != 0)
|
|
|
bdaebd |
+ arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
bdaebd |
dc->proxy->auth.cipher_suite = arg2;
|
|
|
bdaebd |
return NULL;
|
|
|
bdaebd |
}
|