From 16796cfc8223ccfca9c3c65c3c75621e497b9945 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 20 Jun 2019 10:20:59 +0200 Subject: v2.10.4 from Fedora --- ...hbase-0001-enforce-system-crypto-policies.patch | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 libcouchbase-0001-enforce-system-crypto-policies.patch (limited to 'libcouchbase-0001-enforce-system-crypto-policies.patch') diff --git a/libcouchbase-0001-enforce-system-crypto-policies.patch b/libcouchbase-0001-enforce-system-crypto-policies.patch new file mode 100644 index 0000000..4c42bc1 --- /dev/null +++ b/libcouchbase-0001-enforce-system-crypto-policies.patch @@ -0,0 +1,26 @@ +From f670b34632e994661e252f5f163023f71b2741fb Mon Sep 17 00:00:00 2001 +From: Sergey Avseyev +Date: Fri, 23 Feb 2018 19:02:53 +0300 +Subject: [PATCH] Enforce system crypto policies + +--- + src/ssl/ssl_common.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/ssl/ssl_common.c b/src/ssl/ssl_common.c +index 914b6f31..4b11ad04 100644 +--- a/src/ssl/ssl_common.c ++++ b/src/ssl/ssl_common.c +@@ -278,8 +278,7 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char * + goto GT_ERR; + + } +- SSL_CTX_set_cipher_list(ret->ctx, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5"); +-// SSL_CTX_set_cipher_list(ret->ctx, "!NULL"); ++ SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM"); + + if (cafile || tsfile) { + lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Load verify locations from \"%s\"", tsfile ? tsfile : cafile); +-- +2.19.2 + -- cgit