Hello, some time ago I had created some patches for a specific cipher list with ngircd. In reference to the SSLv3 issue (POODLE) the below patch also addresses this issue. The key is just adding "SSL_OP_NO_SSLv3" to the SSL_CTX_set_options function.
--- /backup/archives/system_101514/root/src/ngircd-22/src/ngircd/conn-ssl.c 2014-10-13 09:57:54.000000000 -0500 +++ ./src/ngircd/conn-ssl.c 2014-10-15 09:35:23.000000000 -0500 @@ -324,7 +324,8 @@ Log(LOG_INFO, "Successfully applied SSL CipherList=%s", "EDH+aRSA:!SSLv2:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"); }
- SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2); + /* NCF, Oct 15 2014, Disable SSLv3 (POODLE) */ + SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3); SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE); SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, Verify_openssl);
Cheers, Nathan