authorRemi Collet <fedora@famillecollet.com>2016-05-16 10:14:54 +0200
committerRemi Collet <fedora@famillecollet.com>2016-05-16 10:14:54 +0200
commit77345cceebfeb6f174556d2d2fd65002f4239bd6 (patch)
tree401933c9552f113778c4f9be451c30c31f9fd7d6 /mongo-c-driver-crypto.patch
parent1b88d40e723cd075998aadeca8f1b68795bd3c32 (diff)
mongo-c-driver: add patch to enforce system crypto policies
Diffstat (limited to 'mongo-c-driver-crypto.patch')
-rw-r--r--mongo-c-driver-crypto.patch17
1 files changed, 17 insertions, 0 deletions
diff --git a/mongo-c-driver-crypto.patch b/mongo-c-driver-crypto.patch
new file mode 100644
index 0000000..e3cf7da
--- /dev/null
+++ b/mongo-c-driver-crypto.patch
@@ -0,0 +1,17 @@
+diff -up ./src/mongoc/mongoc-ssl.c.old ./src/mongoc/mongoc-ssl.c
+--- ./src/mongoc/mongoc-ssl.c.old 2016-05-16 10:06:56.592895951 +0200
++++ ./src/mongoc/mongoc-ssl.c 2016-05-16 10:07:57.737182179 +0200
+@@ -405,11 +405,8 @@ _mongoc_ssl_ctx_new (mongoc_ssl_opt_t *o
+ * SSL_OP_NO_SSLv2 - Disable SSL v2 support */
+ SSL_CTX_set_options (ctx, (SSL_OP_ALL | SSL_OP_NO_SSLv2));
+
+- /* HIGH - Enable strong ciphers
+- * !EXPORT - Disable export ciphers (40/56 bit)
+- * !aNULL - Disable anonymous auth ciphers
+- * @STRENGTH - Sort ciphers based on strength */
+- SSL_CTX_set_cipher_list (ctx, "HIGH:!EXPORT:!aNULL@STRENGTH");
++ /* See https://fedoraproject.org/wiki/Packaging:CryptoPolicies */
++ SSL_CTX_set_cipher_list (ctx, "PROFILE=SYSTEM");
+
+ /* If renegotiation is needed, don't return from recv() or send() until it's successful.
+ * Note: this is for blocking sockets only. */
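Review bot: The return value of `SSL_CTX_set_cipher_list (ctx, "PROFILE=SYSTEM")` is discarded. `PROFILE=SYSTEM` appears to come from the distribution's crypto-policies integration (per the linked wiki page), so an OpenSSL build that does not recognise it would fail the call and leave the context on the library's default cipher list, with neither the system policy nor the removed `HIGH:!EXPORT:!aNULL@STRENGTH` restriction applied. Failing context creation makes that visible, e.g. `if (!SSL_CTX_set_cipher_list (ctx, "PROFILE=SYSTEM")) { SSL_CTX_free (ctx); return NULL; }`, assuming the function returns the context pointer. `_mongoc_ssl_ctx_new` starts and ends outside the hunk, so check this against its existing error path. Separately, the context line above disables only SSLv2 through `SSL_OP_NO_SSLv2`; the hunk does not show whether the system policy also constrains protocol versions, and a comment next to the new call should state which of the two it covers.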