Move default cipher suite spec to defaults.h

10 years ago · 39e9c898e5
parent 0a6ca2ac98
commit 39e9c898e5
2 changed files with 9 additions and 2 deletions
--- a/defaults.h
+++ b/defaults.h
@ -51,6 +51,13 @@
 #define DFLT_FILEMODE 0666
 #define DFLT_PIDFMODE 0644

+/*
+ * Default cipher suite spec.
+ * Use 'openssl ciphers -v spec' to see what ciphers are effectively enabled
+ * by a cipher suite spec with a given version of OpenSSL.
+ */
+#define DFLT_CIPHERS "ALL:-aNULL"
+
 /*
 * Default elliptic curve for EC cipher suites.
 */
--- a/main.c
+++ b/main.c
@ -140,7 +140,7 @@ main_usage(void)
 #endif /* !SSL_OP_NO_COMPRESSION */
 "  -r proto    only support one of " SSL_PROTO_SUPPORT_S "(default: all)\n"
 "  -R proto    disable one of " SSL_PROTO_SUPPORT_S "(default: none)\n"
-"  -s ciphers  use the given OpenSSL cipher suite spec (default: ALL:-aNULL)\n"
+"  -s ciphers  use the given OpenSSL cipher suite spec (default: " DFLT_CIPHERS ")\n"
 "  -e engine   specify default NAT engine to use (default: %s)\n"
 "  -E          list available NAT engines and exit\n"
 "  -u user     drop privileges to user (default if run as root: " DFLT_DROPUSER ")\n"
@ -715,7 +715,7 @@ main(int argc, char *argv[])

 	/* dynamic defaults */
 	if (!opts->ciphers) {
-		opts->ciphers = strdup("ALL:-aNULL");
+		opts->ciphers = strdup(DFLT_CIPHERS);
 		if (!opts->ciphers)
 			oom_die(argv0);
 	}