Add ssl_cipher_list to server options
diff --git a/etc/openwsman.conf b/etc/openwsman.conf
index b78c23d..84326f2 100644
--- a/etc/openwsman.conf
+++ b/etc/openwsman.conf
@@ -39,6 +39,10 @@
# possible values: SSLv2 SSLv3 TLSv1 TLSv1_1 TLSv1_2
ssl_disabled_protocols = SSLv2 SSLv3
+# SSL cipher list
+# see 'ciphers' in the OpenSSL documentation
+#ssl_cipher_list =
+
# set these to enable digest authentication against a local datbase
#digest_password_file = /etc/openwsman/digest_auth.passwd
diff --git a/src/server/wsmand-daemon.c b/src/server/wsmand-daemon.c
index e48971e..b71a733 100644
--- a/src/server/wsmand-daemon.c
+++ b/src/server/wsmand-daemon.c
@@ -79,6 +79,7 @@
static char *service_path = DEFAULT_SERVICE_PATH;
static char *ssl_cert_file = NULL;
static char *ssl_disabled_protocols = NULL;
+static char *ssl_cipher_list = NULL;
static char *pid_file = DEFAULT_PID_PATH;
static char *uri_subscription_repository = DEFAULT_SUBSCRIPTION_REPOSITORY;
static int daemon_flag = 0;
@@ -178,6 +179,7 @@
ssl_key_file = iniparser_getstr(ini, "server:ssl_key_file");
ssl_cert_file = iniparser_getstr(ini, "server:ssl_cert_file");
ssl_disabled_protocols = iniparser_getstr(ini, "server:ssl_disabled_protocols");
+ ssl_cipher_list = iniparser_getstr(ini, "server:ssl_cipher_list");
use_ipv4 = iniparser_getboolean(ini, "server:ipv4", 1);
#ifdef ENABLE_IPV6
use_ipv6 = iniparser_getboolean(ini, "server:ipv6", 1);
@@ -348,6 +350,11 @@
return ssl_disabled_protocols;
}
+char *wsmand_options_get_ssl_cipher_list(void)
+{
+ return ssl_cipher_list;
+}
+
int wsmand_options_get_digest(void)
{
return use_digest;
diff --git a/src/server/wsmand-daemon.h b/src/server/wsmand-daemon.h
index a5bd4ee..2d7b34e 100644
--- a/src/server/wsmand-daemon.h
+++ b/src/server/wsmand-daemon.h
@@ -77,6 +77,7 @@
char *wsmand_options_get_ssl_key_file(void);
char *wsmand_options_get_ssl_cert_file(void);
char *wsmand_options_get_ssl_disabled_protocols(void);
+char *wsmand_options_get_ssl_cipher_list(void);
int wsmand_options_get_digest(void);
char *wsmand_options_get_digest_password_file(void);
char *wsmand_options_get_basic_password_file(void);