Allowed ciphers option

diff --git a/miniserv.pl b/miniserv.pl
index 89e0bf5..f51b839 100755 (executable)
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -3816,6 +3816,17 @@ if (!$sn) {
 local $myip = inet_ntoa((unpack_sockaddr_in($sn))[1]);
 local $ssl_ctx = $ssl_contexts{$myip} || $ssl_contexts{"*"};
 local $ssl_con = Net::SSLeay::new($ssl_ctx);
+if ($config{'ssl_cipher_list'}) {
+       # Force use of ciphers
+       eval "Net::SSLeay::set_cipher_list(
+                       \$ssl_con, \$config{'ssl_cipher_list'})";
+       if ($@) {
+               print STDERR "SSL cipher $config{'ssl_cipher_list'} failed : ",
+                            "$@\n";
+               }
+       else {
+               }
+       }
 Net::SSLeay::set_fd($ssl_con, fileno($sock));
 if (!Net::SSLeay::accept($ssl_con)) {
        print STDERR "Failed to initialize SSL connection\n";
@@ -4531,6 +4542,7 @@ local @substrings = (
                           # SymbianOS is the only distinguishing string
     "iPhone",            # Apple iPhone KHTML browser
     "iPod",              # iPod touch browser
+    "MobileSafari",      # HTTP client in iPhone
     );
 foreach my $p (@prefixes) {
        return 1 if ($agent =~ /^\Q$p\E/);

diff --git a/webmin/CHANGELOG b/webmin/CHANGELOG
index 05f1130..ba9b9d3 100644 (file)
--- a/webmin/CHANGELOG
+++ b/webmin/CHANGELOG
@@ -79,3 +79,4 @@ The default scheduled update time is now randomly selected.
 Refresh the left-side frame when installing, removing or re-categorizing modules.
 ---- Changes since 1.420 ----
 On Linux systems, the IO scheduling class and priority for Webmin Cron jobs can be set on the Advanced Options page.
+Added a field to the SSL Encryption page for setting allowed ciphers.

diff --git a/webmin/change_ssl.cgi b/webmin/change_ssl.cgi
index 0ac6eda..f48d0c5 100755 (executable)
--- a/webmin/change_ssl.cgi
+++ b/webmin/change_ssl.cgi
@@ -20,6 +20,13 @@ else {
        $in{'version'} =~ /^\d+$/ || &error($text{'ssl_eversion'});
        $miniserv{'ssl_version'} = $in{'version'};
        }
+if ($in{'cipher_list_def'}) {
+       delete($miniserv{'ssl_cipher_list'});
+       }
+else {
+       $in{'cipher_list'} =~ /^\S+$/ || &error($text{'ssl_ecipher_list'});
+       $miniserv{'ssl_cipher_list'} = $in{'cipher_list'};
+       }
 foreach $ec (split(/[\r\n]+/, $in{'extracas'})) {
        -r $ec && !-d $ec || &error(&text('ssl_eextraca', $ec));
        push(@extracas, $ec);

diff --git a/webmin/edit_ssl.cgi b/webmin/edit_ssl.cgi
index 0565605..a829442 100755 (executable)
--- a/webmin/edit_ssl.cgi
+++ b/webmin/edit_ssl.cgi
@@ -54,6 +54,10 @@ print &ui_table_row($text{'ssl_version'},
        &ui_opt_textbox("version", $miniserv{'ssl_version'}, 4,
                        $text{'ssl_auto'}));
 
+print &ui_table_row($text{'ssl_cipher_list'},
+       &ui_opt_textbox("cipher_list", $miniserv{'ssl_cipher_list'}, 30,
+                       $text{'ssl_auto'}));
+
 print &ui_table_row($text{'ssl_extracas'},
        &ui_textarea("extracas", join("\n",split(/\s+/, $miniserv{'extracas'})),
                     3, 60));

diff --git a/webmin/lang/en b/webmin/lang/en
index efda5d5..5090f93 100644 (file)
--- a/webmin/lang/en
+++ b/webmin/lang/en
@@ -333,6 +333,8 @@ ssl_addipkey=Add a new IP-specific SSL key.
 ssl_return=SSL keys
 ssl_version=SSL protocol version
 ssl_no2=Allow SSL version 2 browsers?
+ssl_cipher_list=Allowed SSL ciphers
+ssl_ecipher_list=Missing or invalid cipher list - must be like <tt>HIGH:-SSLv2:-aNULL</tt>
 ssl_auto=Detect automatically
 ssl_eversion=Missing or invalid version number
 ssl_saveheader=Upload existing key