[people/pmueller/ipfire-2.x.git] / src / patches / openssl-1.0.2h-weak-ciphers.patch

diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h
--- openssl-1.0.2h.org/ssl/ssl.h	2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/ssl/ssl.h	2016-05-03 18:49:10.393302264 +0200
@@ -338,7 +338,7 @@
  * The following cipher list is used by default. It also is substituted when
  * an application-defined cipher list string starts with 'DEFAULT'.
  */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
 /*
  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
Commit	Line	Data
d25d7bfc AF	1	diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h
	2	--- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200
	3	+++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200
	4	@@ -338,7 +338,7 @@
	5	* The following cipher list is used by default. It also is substituted when
	6	* an application-defined cipher list string starts with 'DEFAULT'.
	7	*/
	8	-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
	9	+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
	10	/*
	11	* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
	12	* starts with a reasonable order, and all we have to do for DEFAULT is