freeradius/freeradius-Use-system-crypto-policy-by-default.patch

77 lines
2.3 KiB
Diff
Raw Normal View History

2017-03-07 14:09:22 +00:00
From 20779164a67f77bd9530a9c5ac9cfbe249977db9 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Mon, 26 Sep 2016 19:48:36 +0300
Subject: [PATCH] Use system crypto policy by default
---
raddb/mods-available/eap | 2 +-
raddb/mods-available/inner-eap | 2 +-
raddb/sites-available/abfab-tls | 2 +-
raddb/sites-available/tls | 4 ++--
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
2017-03-07 14:09:22 +00:00
index 9659db1cd..b1ece3ad0 100644
--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
2017-02-17 10:34:19 +00:00
@@ -323,7 +323,7 @@ eap {
#
# For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"
#
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
2017-03-07 14:09:22 +00:00
# If enabled, OpenSSL will use server cipher list
# (possibly defined by cipher_list option above)
diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap
2017-02-17 10:34:19 +00:00
index 2b4df6267..af9aa88cd 100644
--- a/raddb/mods-available/inner-eap
+++ b/raddb/mods-available/inner-eap
@@ -68,7 +68,7 @@ eap inner-eap {
# certificates. If so, edit this file.
ca_file = ${cadir}/ca.pem
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
# You may want to set a very small fragment size.
# The TLS data here needs to go inside of the
diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
2017-02-17 10:34:19 +00:00
index 79d74e6fc..d04d6be89 100644
--- a/raddb/sites-available/abfab-tls
+++ b/raddb/sites-available/abfab-tls
@@ -19,7 +19,7 @@ listen {
dh_file = ${certdir}/dh
fragment_size = 8192
ca_path = ${cadir}
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
cache {
enable = no
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
2017-03-07 14:09:22 +00:00
index c9555e1c7..a34d009a7 100644
--- a/raddb/sites-available/tls
+++ b/raddb/sites-available/tls
@@ -197,7 +197,7 @@ listen {
# Set this option to specify the allowed
# TLS cipher suites. The format is listed
# in "man 1 ciphers".
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
2017-03-07 14:09:22 +00:00
# If enabled, OpenSSL will use server cipher list
# (possibly defined by cipher_list option above)
@@ -501,7 +501,7 @@ home_server tls {
# Set this option to specify the allowed
# TLS cipher suites. The format is listed
# in "man 1 ciphers".
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
}
}
--
2017-02-17 10:34:19 +00:00
2.11.0