Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
[ipfire-2.x.git] / src / patches / openssl-1.1.1a-default-cipherlist.patch
32ba4314
EK
1--- openssl-1.1.1.orig/include/openssl/ssl.h 2018-09-11 14:48:23.000000000 +0200
2+++ openssl-1.1.1/include/openssl/ssl.h 2018-11-05 16:55:03.935513159 +0100
3@@ -170,11 +170,11 @@
4 * an application-defined cipher list string starts with 'DEFAULT'.
5 * This applies to ciphersuites for TLSv1.2 and below.
6 */
7-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
8+# define SSL_DEFAULT_CIPHER_LIST "TLSv1.3:CHACHA20:HIGH:+DH:+aRSA:+SHA:+kRSA:!aNULL:!eNULL:!SRP:!PSK:!DSS:!AESCCM"
9 /* This is the default set of TLSv1.3 ciphersuites */
10 # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
11-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
12- "TLS_CHACHA20_POLY1305_SHA256:" \
13+# define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
14+ "TLS_AES_256_GCM_SHA384:" \
15 "TLS_AES_128_GCM_SHA256"
16 # else
17 # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
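Review bot: The leading `TLSv1.3` token in the new `SSL_DEFAULT_CIPHER_LIST` probably has no effect, because the comment directly above says this string covers TLSv1.2 and below while the TLSv1.3 suites come from `TLS_DEFAULT_CIPHERSUITES`; as far as I can tell OpenSSL silently skips cipher-string keywords it does not recognise, so the token suggests a policy that is not applied here. Separately, `+DH`, `+aRSA`, `+SHA` and `+kRSA` only move those suites to the end of the list, so static-RSA key exchange (no forward secrecy) and SHA-1 suites stay negotiable with peers that offer nothing better. If that fallback is intended, a comment such as `/* kRSA and SHA-1 suites are ordered last for compatibility, not disabled */` above the define would record it; if it is not, `!kRSA` in place of `+kRSA` states the stricter policy. The `# else` branch's definition continues past the end of the hunk.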
18