Allowed ciphers option

miniserv.pl

@@ -3816,6 +3816,17 @@ if (!$sn) {
 local $myip = inet_ntoa((unpack_sockaddr_in($sn))[1]);
 local $ssl_ctx = $ssl_contexts{$myip} || $ssl_contexts{"*"};
 local $ssl_con = Net::SSLeay::new($ssl_ctx);
+if ($config{'ssl_cipher_list'}) {
+	# Force use of ciphers
+	eval "Net::SSLeay::set_cipher_list(
+			\$ssl_con, \$config{'ssl_cipher_list'})";
+	if ($@) {
+		print STDERR "SSL cipher $config{'ssl_cipher_list'} failed : ",
+			     "$@\n";
+		}
+	else {
+		}
+	}
 Net::SSLeay::set_fd($ssl_con, fileno($sock));
 if (!Net::SSLeay::accept($ssl_con)) {
 	print STDERR "Failed to initialize SSL connection\n";
@@ -4531,6 +4542,7 @@ local @substrings = (
                           # SymbianOS is the only distinguishing string
     "iPhone",		  # Apple iPhone KHTML browser
     "iPod",		  # iPod touch browser
+    "MobileSafari",	  # HTTP client in iPhone
     );
 foreach my $p (@prefixes) {
 	return 1 if ($agent =~ /^\Q$p\E/);

webmin/CHANGELOG

@@ -79,3 +79,4 @@ The default scheduled update time is now randomly selected.
 Refresh the left-side frame when installing, removing or re-categorizing modules.
 ---- Changes since 1.420 ----
 On Linux systems, the IO scheduling class and priority for Webmin Cron jobs can be set on the Advanced Options page.
+Added a field to the SSL Encryption page for setting allowed ciphers.

webmin/change_ssl.cgi

@@ -20,6 +20,13 @@ else {
 	$in{'version'} =~ /^\d+$/ || &error($text{'ssl_eversion'});
 	$miniserv{'ssl_version'} = $in{'version'};
 	}
+if ($in{'cipher_list_def'}) {
+	delete($miniserv{'ssl_cipher_list'});
+	}
+else {
+	$in{'cipher_list'} =~ /^\S+$/ || &error($text{'ssl_ecipher_list'});
+	$miniserv{'ssl_cipher_list'} = $in{'cipher_list'};
+	}
 foreach $ec (split(/[\r\n]+/, $in{'extracas'})) {
 	-r $ec && !-d $ec || &error(&text('ssl_eextraca', $ec));
 	push(@extracas, $ec);

webmin/edit_ssl.cgi

@@ -54,6 +54,10 @@ print &ui_table_row($text{'ssl_version'},
 	&ui_opt_textbox("version", $miniserv{'ssl_version'}, 4,
 			$text{'ssl_auto'}));
 
+print &ui_table_row($text{'ssl_cipher_list'},
+	&ui_opt_textbox("cipher_list", $miniserv{'ssl_cipher_list'}, 30,
+			$text{'ssl_auto'}));
+
 print &ui_table_row($text{'ssl_extracas'},
 	&ui_textarea("extracas", join("\n",split(/\s+/, $miniserv{'extracas'})),
 		     3, 60));

webmin/lang/en

@@ -333,6 +333,8 @@ ssl_addipkey=Add a new IP-specific SSL key.
 ssl_return=SSL keys
 ssl_version=SSL protocol version
 ssl_no2=Allow SSL version 2 browsers?
+ssl_cipher_list=Allowed SSL ciphers
+ssl_ecipher_list=Missing or invalid cipher list - must be like <tt>HIGH:-SSLv2:-aNULL</tt>
 ssl_auto=Detect automatically
 ssl_eversion=Missing or invalid version number
 ssl_saveheader=Upload existing key