Blame SOURCES/openssl-1.0.1e-weak-ciphers.patch

2b5643
diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
2b5643
--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers	2013-12-18 15:50:40.881620314 +0100
2b5643
+++ openssl-1.0.1e/ssl/ssl.h	2013-12-18 14:25:25.596566704 +0100
2b5643
@@ -331,7 +331,7 @@ extern "C" {
2b5643
 /* The following cipher list is used by default.
2b5643
  * It also is substituted when an application-defined cipher list string
2b5643
  * starts with 'DEFAULT'. */
2b5643
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
2b5643
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
2b5643
 /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
2b5643
  * starts with a reasonable order, and all we have to do for DEFAULT is
2b5643
  * throwing out anonymous and unencrypted ciphersuites!