PiotrSikora · January 29, 2014 20:44
diff --git a/openssl__disable_rc4.patch b/openssl__disable_rc4.patch
 From 0eee93c85b7ebe0778c525baa36f368799c4390c Mon Sep 17 00:00:00 2001
 From: Piotr Sikora <piotr@cloudflare.com>
 Date: Tue, 21 Jan 2014 19:58:04 -0800
 Subject: [PATCH] Disable RC4 for TLS v1.1+ (server-side).

 Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
 ---
 ssl/s3_lib.c | 5 +++++
 1 file changed, 5 insertions(+)

 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
 index c4ef273..ecd7682 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
 @@ -3816,6 +3816,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 			(TLS1_get_version(s) < TLS1_2_VERSION))
 			continue;
 
 +		/* Disable RC4 for TLS v1.1+ */
 +		if ((c->algorithm_enc == SSL_RC4) &&
 +			(TLS1_get_version(s) >= TLS1_1_VERSION))
 +			continue;
 +
 		ssl_set_cert_masks(cert,c);
 		mask_k = cert->mask_k;
 		mask_a = cert->mask_a;
 -- 
 1.8.4.3
	From 0eee93c85b7ebe0778c525baa36f368799c4390c Mon Sep 17 00:00:00 2001
	From: Piotr Sikora <piotr@cloudflare.com>
	Date: Tue, 21 Jan 2014 19:58:04 -0800
	Subject: [PATCH] Disable RC4 for TLS v1.1+ (server-side).

	Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
	---
	ssl/s3_lib.c \| 5 +++++
	1 file changed, 5 insertions(+)

	diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
	index c4ef273..ecd7682 100644
	--- a/ssl/s3_lib.c
	+++ b/ssl/s3_lib.c
	@@ -3816,6 +3816,11 @@ SSL_CIPHER ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) *clnt,
	(TLS1_get_version(s) < TLS1_2_VERSION))
	continue;

	+ /* Disable RC4 for TLS v1.1+ */
	+ if ((c->algorithm_enc == SSL_RC4) &&
	+ (TLS1_get_version(s) >= TLS1_1_VERSION))
	+ continue;
	+
	ssl_set_cert_masks(cert,c);
	mask_k = cert->mask_k;
	mask_a = cert->mask_a;
	--
	1.8.4.3
No results found