From cb3b8383c2b04ef6c7f21b14eb407e60ad7cebdb Mon Sep 17 00:00:00 2001
From: Jason Yeo
Date: Wed, 13 Apr 2016 16:52:30 +0800
Subject: Remove RC4 cipher suites from SSLContext::DEFAULT_PARAMS
This commit removes insecure RC4 ciper suites [1] from being used by default. If needed, users can still specify the usage of it by specifying it explicitly.
[1]: https://tools.ietf.org/html/rfc7465
---
 lib/openssl/ssl.rb | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'lib')
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
index 57519f2c..39ddf8a8 100644
--- a/lib/openssl/ssl.rb
+++ b/lib/openssl/ssl.rb
@@ -50,9 +50,6 @@ module OpenSSL
 AES256-SHA256
 AES128-SHA
 AES256-SHA
- ECDHE-ECDSA-RC4-SHA
- ECDHE-RSA-RC4-SHA
- RC4-SHA
 }.join(":"),
 :options => -> {
 opts = OpenSSL::SSL::OP_ALL
--
cgit v1.2.3