Use system crypto policy by default
Resolves: Bug#1179224
parent
0ae3e30c65
commit
55d9285155
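--- a/Use-system-crypto-policy-by-default.patch
+++ b/Use-system-crypto-policy-by-default.patch
@@ -0,0 +1,76 @@
+From 7811b36eba8d10f6f9425d120e6999211b3addde Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
+Date: Mon, 26 Sep 2016 19:48:36 +0300
+Subject: [PATCH] Use system crypto policy by default
+
+---
+raddb/mods-available/eap | 2 +-
+raddb/mods-available/inner-eap | 2 +-
+raddb/sites-available/abfab-tls | 2 +-
+raddb/sites-available/tls | 4 ++--
+4 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
+index 8f38c47..432389a 100644
+--- a/raddb/mods-available/eap
++++ b/raddb/mods-available/eap
+@@ -320,7 +320,7 @@ eap {
+# Set this option to specify the allowed
+# TLS cipher suites. The format is listed
+# in "man 1 ciphers".
+- cipher_list = "DEFAULT"
++ cipher_list = "PROFILE=SYSTEM"
+
+# Work-arounds for OpenSSL nonsense
+# OpenSSL 1.0.1f and 1.0.1g do not calculate
+diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap
+index 2b4df62..af9aa88 100644
+--- a/raddb/mods-available/inner-eap
++++ b/raddb/mods-available/inner-eap
+@@ -68,7 +68,7 @@ eap inner-eap {
+# certificates. If so, edit this file.
+ca_file = ${cadir}/ca.pem
+
+- cipher_list = "DEFAULT"
++ cipher_list = "PROFILE=SYSTEM"
+
+# You may want to set a very small fragment size.
+# The TLS data here needs to go inside of the
+diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
+index 79d74e6..d04d6be 100644
+--- a/raddb/sites-available/abfab-tls
++++ b/raddb/sites-available/abfab-tls
+@@ -19,7 +19,7 @@ listen {
+dh_file = ${certdir}/dh
+fragment_size = 8192
+ca_path = ${cadir}
+- cipher_list = "DEFAULT"
++ cipher_list = "PROFILE=SYSTEM"
+
+cache {
+enable = no
+diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
+index eb60fa5..9b340d2 100644
+--- a/raddb/sites-available/tls
++++ b/raddb/sites-available/tls
+@@ -197,7 +197,7 @@ listen {
+# Set this option to specify the allowed
+# TLS cipher suites. The format is listed
+# in "man 1 ciphers".
+- cipher_list = "DEFAULT"
++ cipher_list = "PROFILE=SYSTEM"
+
+#
+# Session resumption / fast reauthentication
+@@ -493,7 +493,7 @@ home_server tls {
+# Set this option to specify the allowed
+# TLS cipher suites. The format is listed
+# in "man 1 ciphers".
+- cipher_list = "DEFAULT"
++ cipher_list = "PROFILE=SYSTEM"
+}
+
+}
+--
+2.9.3
+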
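Review bot: The comment kept as context above `cipher_list` in the raddb/mods-available/eap hunk and in both raddb/sites-available/tls hunks still sends the reader to "man 1 ciphers" for the format, while the new value `"PROFILE=SYSTEM"` is a keyword from the distribution's crypto-policies support in OpenSSL and, as far as I know, is not described in the upstream ciphers page. An administrator auditing this server's TLS settings has nothing in the file telling them where the effective cipher set is now defined. I would add next to each changed line something like `# "PROFILE=SYSTEM" defers to the system-wide crypto policy, see update-crypto-policies(8); set an explicit cipher string only to deviate from it.` The inner-eap and abfab-tls hunks show no comment on the option at all, so the same line would help there. The enclosing config blocks start and end outside these hunks.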
|
@ -1,7 +1,7 @@
|
||||
Summary: High-performance and highly configurable free RADIUS server
|
||||
Name: freeradius
|
||||
Version: 3.0.11
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.freeradius.org/
|
||||
@ -22,6 +22,7 @@ Source103: freeradius-pam-conf
|
||||
Source104: freeradius-tmpfiles.conf
|
||||
|
||||
Patch1: freeradius-redhat-config.patch
|
||||
Patch2: Use-system-crypto-policy-by-default.patch
|
||||
|
||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -188,6 +189,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
||||
# Note: We explicitly do not make patch backup files because 'make install'
|
||||
# mistakenly includes the backup files, especially problematic for raddb config files.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
# Force compile/link options, extra security for network facing daemon
|
||||
@ -782,6 +784,10 @@ exit 0
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
|
||||
|
||||
%changelog
|
||||
* Mon Sep 26 2016 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.11-3
|
||||
- Switch default configuration to use system's crypto policy.
|
||||
Resolves: Bug#1179224
|
||||
|
||||
* Tue May 17 2016 Jitka Plesnikova <jplesnik@redhat.com> - 3.0.11-2
|
||||
- Perl 5.24 rebuild
|
||||
|
||||
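Review bot: The new changelog entry says the default configuration switches to the system crypto policy, but the only file entry visible in this section marks its raddb file `%config(noreplace)`, and if the eap, inner-eap, tls and abfab-tls entries (outside these hunks) are marked the same way, an upgraded host with locally edited copies keeps `cipher_list = "DEFAULT"`. That leaves part of the installed base outside the policy with no signal to the operator. I would say so in the entry, e.g. `- Locally modified raddb files are not replaced on upgrade and keep cipher_list = "DEFAULT"; review them by hand.`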
|