forked from rpms/openssl
reinstate accidentally dropped patch for weak ciphersuites
This commit is contained in:
Tomas Mraz
parent
746c76a1d7
commit
33bd389ea8
@ -0,0 +1,57 @@
|
|||||||
|
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
|
||||||
|
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
|
||||||
|
+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
|
||||||
|
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
SSL_GOST89MAC,
|
||||||
|
TLS1_VERSION, TLS1_2_VERSION,
|
||||||
|
0, 0,
|
||||||
|
- SSL_HIGH,
|
||||||
|
+ SSL_MEDIUM,
|
||||||
|
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
|
||||||
|
256,
|
||||||
|
256,
|
||||||
|
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
SSL_GOST89MAC12,
|
||||||
|
TLS1_VERSION, TLS1_2_VERSION,
|
||||||
|
0, 0,
|
||||||
|
- SSL_HIGH,
|
||||||
|
+ SSL_MEDIUM,
|
||||||
|
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
|
||||||
|
256,
|
||||||
|
256,
|
||||||
|
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
},
|
||||||
|
#endif /* OPENSSL_NO_SEED */
|
||||||
|
|
||||||
|
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
+#if 0 /* No MD5 ciphersuites */
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
SSL3_TXT_RSA_RC4_128_MD5,
|
||||||
|
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
128,
|
||||||
|
128,
|
||||||
|
},
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
SSL3_TXT_RSA_RC4_128_SHA,
|
||||||
|
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
128,
|
||||||
|
128,
|
||||||
|
},
|
||||||
|
+#endif
|
||||||
|
+#if 0
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
SSL3_TXT_ADH_RC4_128_MD5,
|
||||||
|
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
128,
|
||||||
|
128,
|
||||||
|
},
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
|
||||||
@ -22,7 +22,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1
|
Version: 1.1.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -449,6 +449,9 @@ export LD_LIBRARY_PATH
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 17 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-3
|
||||||
|
- reinstate accidentally dropped patch for weak ciphersuites
|
||||||
|
|
||||||
* Fri Sep 14 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-2
|
* Fri Sep 14 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-2
|
||||||
- for consistent support of security policies we build
|
- for consistent support of security policies we build
|
||||||
RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2
|
RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user