[people/teissler/ipfire-2.x.git] / src / patches / openssl-1.0.1e-weak-ciphers.patch

diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers	2013-12-18 15:50:40.881620314 +0100
+++ openssl-1.0.1e/ssl/ssl.h	2013-12-18 14:25:25.596566704 +0100
@@ -331,7 +331,7 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
 /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
  * throwing out anonymous and unencrypted ciphersuites!
Commit	Line	Data
33c4c29b MT	1	diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
	2	--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100
	3	+++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100
	4	@@ -331,7 +331,7 @@ extern "C" {
	5	/* The following cipher list is used by default.
	6	* It also is substituted when an application-defined cipher list string
	7	* starts with 'DEFAULT'. */
	8	-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
	9	+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
	10	/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
	11	* starts with a reasonable order, and all we have to do for DEFAULT is
	12	* throwing out anonymous and unencrypted ciphersuites!