summaryrefslogtreecommitdiffstats
path: root/unit-syspol.patch
blob: cff3889eadb4996c65ec4241ac9a5695f45dffba (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
diff -up ./src/nxt_openssl.c.syspol ./src/nxt_openssl.c
--- ./src/nxt_openssl.c.syspol	2021-03-25 15:15:30.000000000 +0100
+++ ./src/nxt_openssl.c	2021-03-26 07:46:53.897688835 +0100
@@ -261,7 +261,7 @@ nxt_openssl_server_init(nxt_task_t *task
     nxt_mp_t *mp, nxt_bool_t last)
 {
     SSL_CTX                *ctx;
-    const char             *ciphers, *ca_certificate;
+    const char             *ca_certificate;
     STACK_OF(X509_NAME)    *list;
     nxt_tls_bundle_conf_t  *bundle;
 
@@ -318,13 +318,13 @@ nxt_openssl_server_init(nxt_task_t *task
         goto fail;
     }
 */
-    ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
-
-    if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
-        nxt_openssl_log_error(task, NXT_LOG_ALERT,
+    if (conf->ciphers) { /* else use system crypto policy */
+        if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
+            nxt_openssl_log_error(task, NXT_LOG_ALERT,
                               "SSL_CTX_set_cipher_list(\"%s\") failed",
-                              ciphers);
-        goto fail;
+                              conf->ciphers);
+            goto fail;
+        }
     }
 
     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);