unbreak ssl

So, it turns out they got RC4 wrong. This affects the Java client, because RC4 is its default. It doesn't normally affect the Mono client because it defaults to AES. Masked the RC4 cipher suites. When they fix, we should unmask them.
author: Alexandru Scvortov <alexandru@rabbitmq.com> 2010-09-07 00:05:48 +0100
committer: Alexandru Scvortov <alexandru@rabbitmq.com> 2010-09-07 00:05:48 +0100
commit: 50ac875057e3e1cb0b5e39f587f9aa0afc105fe1 (patch)
tree: b86aa0a6011c1c914668622820e926eed036fea9
parent: db8aed87875ddd5140a7d7a8f923c01a078b824b (diff)
download: rabbitmq-server-git-50ac875057e3e1cb0b5e39f587f9aa0afc105fe1.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index 08272afed4..8151fd980e 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -116,7 +116,12 @@ boot_ssl() ->
                                                  end}
                                    | SslOptsConfig]
                 end,
-            [start_ssl_listener(Host, Port, SslOpts) || {Host, Port} <- SslListeners],
+            % In R13B04 and R14A (at least), rc4 is incorrectly implemented.
+            CSs = lists:filter(fun ({_, rc4_128, _}) -> false;
+                                   (_)               -> true
+                               end, ssl:cipher_suites()),
+            SslOpts1 = [{ciphers, CSs} | SslOpts],
+            [start_ssl_listener(Host, Port, SslOpts1) || {Host, Port} <- SslListeners],
             ok
     end.
author	Alexandru Scvortov <alexandru@rabbitmq.com>	2010-09-07 00:05:48 +0100
committer	Alexandru Scvortov <alexandru@rabbitmq.com>	2010-09-07 00:05:48 +0100
commit	50ac875057e3e1cb0b5e39f587f9aa0afc105fe1 (patch)
tree	b86aa0a6011c1c914668622820e926eed036fea9
parent	db8aed87875ddd5140a7d7a8f923c01a078b824b (diff)
download	rabbitmq-server-git-50ac875057e3e1cb0b5e39f587f9aa0afc105fe1.tar.gz