From e753490615e75d93bd485ca09633e388dd483958 Mon Sep 17 00:00:00 2001
From: Sergey Avseyev
Date: Fri, 23 Feb 2018 19:02:53 +0300
Subject: [PATCH] Enforce system crypto policies
---
 src/ssl/ssl_common.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/ssl/ssl_common.c b/src/ssl/ssl_common.c
index 6ba8579d..ce7c1e0b 100644
--- a/src/ssl/ssl_common.c
+++ b/src/ssl/ssl_common.c
@@ -278,8 +278,7 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *
 goto GT_ERR;
 }
- SSL_CTX_set_cipher_list(ret->ctx, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5");
-// SSL_CTX_set_cipher_list(ret->ctx, "!NULL");
+ SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM");
 if (cafile) {
 lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Load verify locations from \"%s\"", tsfile ? tsfile : keyfile);
-- 
2.14.3
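Review bot: The return value of the new `SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM")` call is ignored, so a build linked against an OpenSSL that does not recognise the `PROFILE=SYSTEM` keyword would fail here silently and presumably keep the library's default cipher list. As far as I know the keyword comes from distribution crypto-policies patches rather than upstream OpenSSL, so this is a realistic case on other platforms. Checking the result makes the policy actually enforced, e.g. `if (SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM") != 1) { goto GT_ERR; }`, setting the same error code the other GT_ERR paths use. A short comment such as `/* cipher selection is delegated to the system-wide crypto policy */` would also explain why no list is spelled out. lcbio_ssl_new starts and ends outside this hunk, so the error-path details need confirming against the full function.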