Set openssl security level to 0 when using aNULL ciphers
authorRalph Dolmans <ralph@nlnetlabs.nl>
Thu, 3 Nov 2016 16:59:00 +0000 (16:59 +0000)
committerRalph Dolmans <ralph@nlnetlabs.nl>
Thu, 3 Nov 2016 16:59:00 +0000 (16:59 +0000)
git-svn-id: file:///svn/unbound/trunk@3919 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/remote.c
doc/Changelog
smallapp/unbound-control.c

index 2058caeb4d9bb1154c5359899e3604e90cc12ed6..fa945439cc602dbcc0026211772374ce1b1bcbbc 100644 (file)
@@ -243,6 +243,9 @@ daemon_remote_create(struct config_file* cfg)
 
        if (cfg->remote_control_use_cert == 0) {
                /* No certificates are requested */
+               #if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+                       SSL_CTX_set_security_level(rc->ctx, 0);
+               #endif
                if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
                        log_crypto_err("Failed to set aNULL cipher list");
                        daemon_remote_delete(rc);
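Review bot: The added `SSL_CTX_set_security_level(rc->ctx, 0);` has no comment explaining why the level is lowered or what it costs, and the same applies to the matching call in the setup_ctx hunk of smallapp/unbound-control.c. OpenSSL 1.1.0's default security level refuses unauthenticated suites, so level 0 is needed for `"aNULL"` to select anything, but it also switches off the minimum-strength checks for everything else on this context. I would put `/* OpenSSL 1.1.0+ rejects aNULL suites above security level 0; this path has no peer authentication, so it is only acceptable on a local-only control interface */` above the `#if`. It may also be worth checking whether the cipher string should be narrowed (for example `"aNULL:!eNULL"`) so that a no-encryption suite cannot be negotiated now that the level no longer filters it. Whether the control interface is restricted to loopback when `remote_control_use_cert == 0` is not visible here; daemon_remote_create continues outside the hunk.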
index d4088b2595b4dee21aaa084e231c4cf8946f170d..36017abe8f9a0ab7bddbbcf7176cfcfa467b5da8 100644 (file)
@@ -1,3 +1,6 @@
+3 November 2016: Ralph
+       - Set OpenSSL security level to 0 when using aNULL ciphers.
+
 3 November 2016: Wouter
        - .gitattributes line for githubs code language display.
        - log-identity: config option to set sys log identity, patch from
index 19268edabde743f5d2dd88345d5b3967f9569121..79b3ae5fa08df5c112ceac7f77fa701e86eae710 100644 (file)
@@ -176,6 +176,9 @@ setup_ctx(struct config_file* cfg)
                free(c_cert);
        } else {
                /* Use ciphers that don't require authentication  */
+               #if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+                       SSL_CTX_set_security_level(ctx, 0);
+               #endif
                if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
                        ssl_err("Error setting NULL cipher!");
        }
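Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)` is repeated verbatim here and in daemon_remote_create, and it keys on a version number rather than on whether the function exists. A configure-time check for `SSL_CTX_set_security_level`, used in both places, would keep the client and daemon in step and would cope with other TLS libraries that report a high version number without providing the call. The directives are also indented inside the `else` body; putting `#if`/`#endif` at column 0 makes the conditional easier to spot in a function that relaxes TLS settings. setup_ctx starts outside the hunk.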