darwinssl: disable RC4 cipher-suite support

RC4 was a nice alternative to CBC back in the days of BEAST, but it's insecure and obsolete now.
author: Nick Zitzmann <nickzman@gmail.com> 2016-09-18 15:01:03 -0500
committer: Nick Zitzmann <nickzman@gmail.com> 2016-09-18 15:01:03 -0500
commit: 227ee9d84d390f37c28dfe43ceda308c6083b1f6 (patch)
tree: 9a7ad3236de28bed36eedbeabad70792254ac4fc /lib/vtls
parent: d086b2394cb92a838d87c02a108460fcfd12c9ac (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 90119dd50..9af379112 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -1438,6 +1438,16 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
         /* Disable IDEA: */
         case SSL_RSA_WITH_IDEA_CBC_SHA:
         case SSL_RSA_WITH_IDEA_CBC_MD5:
+        /* Disable RC4: */
+        case SSL_RSA_WITH_RC4_128_MD5:
+        case SSL_RSA_WITH_RC4_128_SHA:
+        case 0xC002: /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+        case 0xC007: /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA*/
+        case 0xC00C: /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+        case 0xC011: /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+        case 0x008A: /* TLS_PSK_WITH_RC4_128_SHA */
+        case 0x008E: /* TLS_DHE_PSK_WITH_RC4_128_SHA */
+        case 0x0092: /* TLS_RSA_PSK_WITH_RC4_128_SHA */
           break;
         default: /* enable everything else */
           allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
author	Nick Zitzmann <nickzman@gmail.com>	2016-09-18 15:01:03 -0500
committer	Nick Zitzmann <nickzman@gmail.com>	2016-09-18 15:01:03 -0500
commit	227ee9d84d390f37c28dfe43ceda308c6083b1f6 (patch)
tree	9a7ad3236de28bed36eedbeabad70792254ac4fc /lib/vtls
parent	d086b2394cb92a838d87c02a108460fcfd12c9ac (diff)