]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - src/patches/openssl-1.1.1d-default-cipherlist.patch
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite
[people/pmueller/ipfire-2.x.git] / src / patches / openssl-1.1.1d-default-cipherlist.patch
diff --git a/src/patches/openssl-1.1.1d-default-cipherlist.patch b/src/patches/openssl-1.1.1d-default-cipherlist.patch
index 5ad7829e7c187dcbf2ff347c00672a89bb575bac..a3a48933ea913ebe1b6290392c9ab1b3d1ba7d09 100644 (file)
--- a/src/patches/openssl-1.1.1d-default-cipherlist.patch
+++ b/src/patches/openssl-1.1.1d-default-cipherlist.patch
@@ -5,7 +5,7 @@
   * This applies to ciphersuites for TLSv1.2 and below.
   */
 -# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
-+# define SSL_DEFAULT_CIPHER_LIST "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS"
++# define SSL_DEFAULT_CIPHER_LIST "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:!kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS"
  /* This is the default set of TLSv1.3 ciphersuites */
  # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
Peter's tree of IPFire 2.x