File 0015-Set-SSL-cipher-list-based-on-config-option.patch of Package openwsman.16287
From 69cf343ae4a12bc5a307aa1b6bed0e0128650f10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Tue, 3 Jul 2018 13:41:07 +0200
Subject: [PATCH 15/15] Set SSL cipher list based on config option
---
src/server/shttpd/config.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/server/shttpd/config.c b/src/server/shttpd/config.c
index e21f6c11aef8..50104bfa3c22 100644
--- a/src/server/shttpd/config.c
+++ b/src/server/shttpd/config.c
@@ -88,6 +88,7 @@ set_ssl(struct shttpd_ctx *ctx, void *arg, const char *pem)
void *lib;
struct ssl_func *fp;
char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols();
+ char *ssl_cipher_list = wsmand_options_get_ssl_cipher_list();
arg = NULL; /* Unused */
@@ -159,7 +160,17 @@ set_ssl(struct shttpd_ctx *ctx, void *arg, const char *pem)
ssl_disabled_protocols = blank_ptr + 1;
}
- ctx->ssl_ctx = CTX;
+ if (ssl_cipher_list) {
+ int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
+ if (rc != 1) {
+ elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
+ }
+ else {
+ debug("SSL cipher list set to \"%s\"", ssl_cipher_list);
+ }
+ }
+
+ ctx->ssl_ctx = CTX;
}
#endif /* NO_SSL */
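Review bot: When `SSL_CTX_set_cipher_list` fails, the `rc != 1` branch only logs at `E_LOG` and execution falls through to `ctx->ssl_ctx = CTX;`, so the listener still comes up, presumably with whatever cipher list the context already had (the library default) rather than the one the administrator configured. A restrictive cipher policy that fails to parse therefore degrades silently to a broader set. The failure path should refuse to install the context, for example by returning before `ctx->ssl_ctx = CTX;` or by treating the error as fatal if this file's logger supports that. Separately, `SSL_CTX_set_cipher_list` governs TLS 1.2 and earlier only; with OpenSSL 1.1.1 and later the TLS 1.3 suites are configured through `SSL_CTX_set_ciphersuites`, so the option's documentation should state which protocol versions it restricts. The body of `set_ssl` starts outside this hunk, so check its return type and existing error convention before choosing the exit path.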
--
2.18.0