Sync

- Default TLS cipher selection, with override (thanks to Zed Jorarard).
- Updated documentation.

src/Config.cpp

@@ -301,6 +301,7 @@ std::string Config::_defaults =
   "#taskd.certificate <certificat file>\n"
   "#taskd.credentials <organization>/<name>/<password>\n"
   "#taskd.server      <server>:<port>\n"
+  "taskd.ciphers=NORMAL\n"
 	"\n"
   "# Aliases - alternate names for commands\n"
   "alias.rm=delete                                # Alias for the delete command\n"

src/TLSClient.cpp

@@ -154,6 +154,12 @@ void TLSClient::trust (bool value)
   }
 }
 
+////////////////////////////////////////////////////////////////////////////////
+void TLSClient::ciphers (const std::string& cipher_list)
+{
+  _ciphers = cipher_list;
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 void TLSClient::init (
   const std::string& ca,
@@ -181,9 +187,12 @@ void TLSClient::init (
 #endif
   gnutls_init (&_session, GNUTLS_CLIENT);
 
-  // Use default priorities.
+  // Use default priorities unless overridden.
+  if (_ciphers == "")
+    _ciphers = "NORMAL";
+
   const char *err;
-  int ret = gnutls_priority_set_direct (_session, "NORMAL", &err);
+  int ret = gnutls_priority_set_direct (_session, _ciphers.c_str (), &err);
   if (ret < 0)
   {
     if (_debug && ret == GNUTLS_E_INVALID_REQUEST)

src/TLSClient.h

@@ -40,6 +40,7 @@ public:
   void limit (int);
   void debug (int);
   void trust (bool);
+  void ciphers (const std::string&);
   void init (const std::string&, const std::string&, const std::string&);
   void connect (const std::string&, const std::string&);
   void bye ();
@@ -51,6 +52,7 @@ private:
   std::string                      _ca;
   std::string                      _cert;
   std::string                      _key;
+  std::string                      _ciphers;
   gnutls_certificate_credentials_t _credentials;
   gnutls_session_t                 _session;
   int                              _socket;

src/commands/CmdDiagnostics.cpp

@@ -238,6 +238,10 @@ int CmdDiagnostics::execute (std::string& output)
       << context.config.get ("taskd.key")
       << "\n";
 
+  out << "    Ciphers: "
+      << context.config.get ("taskd.ciphers")
+      << "\n";
+
   // Get credentials, but mask out the key.
   std::string credentials = context.config.get ("taskd.credentials");
   std::string::size_type last_slash = credentials.rfind ('/');

src/commands/CmdShow.cpp

@@ -191,6 +191,7 @@ int CmdShow::execute (std::string& output)
     " taskd.server"
     " taskd.ca"
     " taskd.certificate"
+    " taskd.ciphers"
     " taskd.credentials"
     " taskd.key"
     " taskd.trust"

src/commands/CmdSync.cpp

@@ -345,6 +345,7 @@ bool CmdSync::send (
     client.debug (context.config.getInteger ("debug.tls"));
 
     client.trust (trust);
+    client.ciphers (context.config.get ("taskd.ciphers"));
     client.init (ca, certificate, key);
     client.connect (server, port);
     client.send (request.serialize () + "\n");