path: root/0001-enforce-system-crypto-policies.patch
blob: 4c42bc1c99cdcc2768a565b28de98077b0a975f2 (plain)
From f670b34632e994661e252f5f163023f71b2741fb Mon Sep 17 00:00:00 2001
From: Sergey Avseyev <sergey.avseyev@gmail.com>
Date: Fri, 23 Feb 2018 19:02:53 +0300
Subject: [PATCH] Enforce system crypto policies

---
 src/ssl/ssl_common.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/ssl/ssl_common.c b/src/ssl/ssl_common.c
index 914b6f31..4b11ad04 100644
--- a/src/ssl/ssl_common.c
+++ b/src/ssl/ssl_common.c
@@ -278,8 +278,7 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *
         goto GT_ERR;
 
     }
-    SSL_CTX_set_cipher_list(ret->ctx, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5");
-//    SSL_CTX_set_cipher_list(ret->ctx, "!NULL");
+    SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM");
 
     if (cafile || tsfile) {
         lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Load verify locations from \"%s\"", tsfile ? tsfile : cafile);
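Review bot: The result of the new `SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM")` call is discarded, so a build where the string is rejected would go unnoticed. `PROFILE=SYSTEM` is, as far as I know, a keyword understood only by distribution-patched OpenSSL builds that implement system-wide crypto policies. On any other build the call should return 0 and the context most likely keeps the library's default cipher list, with nothing logged. I would fail closed with `if (SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM") != 1) { goto GT_ERR; }`, preceded by an `lcb_log` line at error level so the operator can see why the context was refused. A short comment above the call, such as `/* cipher selection is delegated to the system crypto policy; requires an OpenSSL build that understands PROFILE=SYSTEM */`, would record that dependency. The body of `lcbio_ssl_new` and the `GT_ERR` label lie outside this hunk, so check that the error path there frees `ret->ctx` and reports a usable error code.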
-- 
2.19.2