]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - src/patches/openssl-1.1.0g-weak-ciphers.patch
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core127: run xt_geoip_update
[people/pmueller/ipfire-2.x.git] / src / patches / openssl-1.1.0g-weak-ciphers.patch
1 --- openssl-1.1.0g-orig/include/openssl/ssl.h 2017-11-02 15:29:05.000000000 +0100
2 +++ openssl-1.1.0g/include/openssl/ssl.h 2018-02-27 18:23:43.522649728 +0100
3 @@ -194,7 +194,7 @@
4 * The following cipher list is used by default. It also is substituted when
5 * an application-defined cipher list string starts with 'DEFAULT'.
6 */
7 -# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
8 +# define SSL_DEFAULT_CIPHER_LIST "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS"
9 /*
10 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
11 * starts with a reasonable order, and all we have to do for DEFAULT is
Peter's tree of IPFire 2.x