On 10/15/2014 11:43 AM, Christoph Biedl wrote:
Wild guessing, you run an HTTP/IRC gateway, and the web server process can no longer connect to ngircd?
Apologies for the confusion, I meant applying the CipherList style construct to a similar one I am using in Apache 2.2.22; it doesn't apply to ngircd. I may give yours a try but I've already patched and complied ngircd-22 with it. What's unique is that in ./src/ngircd/conn-ssl.c SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2); was initially used to disable SSLv2 so my thoughts were that this was a logical place for SSL_OP_NO_SSLv3 as well. That being said your approach seems completely reasonable as well and likely the least intrusive.
Thanks for the dialog, it's been highly educational, and I appreciate your replies.
Cheers, Nathan