From c16f4e1f788b36064d9461727f432ddab1d248b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Tue, 29 Apr 2014 18:23:07 +0200
Subject: [PATCH] Move RC4 ciphersuites down the list

---
 ChangeLog                  |  1 +
 library/ssl_ciphersuites.c | 24 +++++++++++++-----------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 82bddbb16..67e1c78cd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@ Changes
    * Debug module only outputs full lines instead of parts
    * Better support for the different Attribute Types from IETF PKIX (RFC 5280)
    * AES-NI now compiles with "old" assemblers too
+   * Ciphersuites based on RC4 now have the lowest priority by default
 
 Bugfix
    * Only iterate over actual certificates in ssl_write_certificate_request()
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e91546b65..25d192b7a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -42,11 +42,11 @@
 /*
  * Ordered from most preferred to least preferred in terms of security.
  *
- * Current rule (except weak and null which come last):
+ * Current rule (except rc4, weak and null which come last):
  * 1. By key exchange:
  *    Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
  * 2. By key length and cipher:
- *    AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES > RC4
+ *    AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
  * 3. By cipher mode when relevant GCM > CBC
  * 4. By hash function used
  * 5. By key exchange/auth again: EC > non-EC
@@ -97,8 +97,6 @@ static const int ciphersuite_preference[] =
     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 
     /* The PSK ephemeral suites */
     TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
@@ -121,8 +119,6 @@ static const int ciphersuite_preference[] =
 
     TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_PSK_WITH_RC4_128_SHA,
-    TLS_DHE_PSK_WITH_RC4_128_SHA,
 
     /* All AES-256 suites */
     TLS_RSA_WITH_AES_256_GCM_SHA384,
@@ -166,12 +162,8 @@ static const int ciphersuite_preference[] =
 
     /* All remaining >= 128-bit suites */
     TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_RSA_WITH_RC4_128_SHA,
-    TLS_RSA_WITH_RC4_128_MD5,
     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_RSA_WITH_RC4_128_SHA,
     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
 
     /* The RSA PSK suites */
     TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
@@ -187,7 +179,6 @@ static const int ciphersuite_preference[] =
     TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
 
     TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
-    TLS_RSA_PSK_WITH_RC4_128_SHA,
 
     /* The PSK suites */
     TLS_PSK_WITH_AES_256_GCM_SHA384,
@@ -203,6 +194,17 @@ static const int ciphersuite_preference[] =
     TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
 
     TLS_PSK_WITH_3DES_EDE_CBC_SHA,
+
+    /* RC4 suites */
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_PSK_WITH_RC4_128_SHA,
+    TLS_DHE_PSK_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
+    TLS_ECDH_RSA_WITH_RC4_128_SHA,
+    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+    TLS_RSA_PSK_WITH_RC4_128_SHA,
     TLS_PSK_WITH_RC4_128_SHA,
 
     /* Weak suites */