local $myip = inet_ntoa((unpack_sockaddr_in($sn))[1]);
local $ssl_ctx = $ssl_contexts{$myip} || $ssl_contexts{"*"};
local $ssl_con = Net::SSLeay::new($ssl_ctx);
+if ($config{'ssl_cipher_list'}) {
+ # Force use of ciphers
+ eval "Net::SSLeay::set_cipher_list(
+ \$ssl_con, \$config{'ssl_cipher_list'})";
+ if ($@) {
+ print STDERR "SSL cipher $config{'ssl_cipher_list'} failed : ",
+ "$@\n";
+ }
+ else {
+ }
+ }
Net::SSLeay::set_fd($ssl_con, fileno($sock));
if (!Net::SSLeay::accept($ssl_con)) {
print STDERR "Failed to initialize SSL connection\n";
# SymbianOS is the only distinguishing string
"iPhone", # Apple iPhone KHTML browser
"iPod", # iPod touch browser
+ "MobileSafari", # HTTP client in iPhone
);
foreach my $p (@prefixes) {
return 1 if ($agent =~ /^\Q$p\E/);
Refresh the left-side frame when installing, removing or re-categorizing modules.
---- Changes since 1.420 ----
On Linux systems, the IO scheduling class and priority for Webmin Cron jobs can be set on the Advanced Options page.
+Added a field to the SSL Encryption page for setting allowed ciphers.
$in{'version'} =~ /^\d+$/ || &error($text{'ssl_eversion'});
$miniserv{'ssl_version'} = $in{'version'};
}
+if ($in{'cipher_list_def'}) {
+ delete($miniserv{'ssl_cipher_list'});
+ }
+else {
+ $in{'cipher_list'} =~ /^\S+$/ || &error($text{'ssl_ecipher_list'});
+ $miniserv{'ssl_cipher_list'} = $in{'cipher_list'};
+ }
foreach $ec (split(/[\r\n]+/, $in{'extracas'})) {
-r $ec && !-d $ec || &error(&text('ssl_eextraca', $ec));
push(@extracas, $ec);
&ui_opt_textbox("version", $miniserv{'ssl_version'}, 4,
$text{'ssl_auto'}));
+print &ui_table_row($text{'ssl_cipher_list'},
+ &ui_opt_textbox("cipher_list", $miniserv{'ssl_cipher_list'}, 30,
+ $text{'ssl_auto'}));
+
print &ui_table_row($text{'ssl_extracas'},
&ui_textarea("extracas", join("\n",split(/\s+/, $miniserv{'extracas'})),
3, 60));
ssl_return=SSL keys
ssl_version=SSL protocol version
ssl_no2=Allow SSL version 2 browsers?
+ssl_cipher_list=Allowed SSL ciphers
+ssl_ecipher_list=Missing or invalid cipher list - must be like <tt>HIGH:-SSLv2:-aNULL</tt>
ssl_auto=Detect automatically
ssl_eversion=Missing or invalid version number
ssl_saveheader=Upload existing key