]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - src/patches/openssl-1.1.1d-default-cipherlist.patch
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'next'
[ipfire-2.x.git] / src / patches / openssl-1.1.1d-default-cipherlist.patch
diff --git a/src/patches/openssl-1.1.1d-default-cipherlist.patch b/src/patches/openssl-1.1.1d-default-cipherlist.patch
new file mode 100644 (file)
index 0000000..5ad7829
--- /dev/null
+++ b/src/patches/openssl-1.1.1d-default-cipherlist.patch
@@ -0,0 +1,11 @@
+--- openssl-1.1.1d.orig/include/openssl/ssl.h  2019-11-04 19:13:08.801905796 +0100
++++ openssl-1.1.1d/include/openssl/ssl.h       2019-11-04 19:14:05.229896747 +0100
+@@ -170,7 +170,7 @@
+  * an application-defined cipher list string starts with 'DEFAULT'.
+  * This applies to ciphersuites for TLSv1.2 and below.
+  */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
++# define SSL_DEFAULT_CIPHER_LIST "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS"
+ /* This is the default set of TLSv1.3 ciphersuites */
+ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
IPFire 2.x development tree