freeradius/freeradius-Use-system-crypto-policy-by-default.patch
Antonio Torres eaa7823ffa Update to 3.0.22
Update to 3.0.22. This includes adaptation of patches
and addition of new files present in the release.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1961190
Signed-off-by: Antonio Torres <antorres@redhat.com>
2021-06-04 17:12:24 +02:00

87 lines
2.7 KiB
Diff

From a7ed62fbcc043a9ec7a4f09962a2cd2acffa019b Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 8 May 2019 10:16:31 -0400
Subject: [PATCH] Use system-provided crypto-policies by default
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
raddb/mods-available/eap | 4 ++--
raddb/mods-available/inner-eap | 2 +-
raddb/sites-available/abfab-tls | 2 +-
raddb/sites-available/tls | 4 ++--
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
index 36849e10f2..b28c0f19c6 100644
--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
@@ -370,7 +370,7 @@ eap {
# TLS cipher suites. The format is listed
# in "man 1 ciphers".
#
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
# If enabled, OpenSSL will use server cipher list
# (possibly defined by cipher_list option above)
@@ -1008,7 +1008,7 @@ eap {
# "DEFAULT" as "DEFAULT" contains "!aNULL" so instead it is
# recommended "ALL:!EXPORT:!eNULL:!SSLv2" is used
#
- # cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
+ # cipher_list = "PROFILE=SYSTEM"
# PAC lifetime in seconds (default: seven days)
#
diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap
index 576eb7739e..ffa07188e2 100644
--- a/raddb/mods-available/inner-eap
+++ b/raddb/mods-available/inner-eap
@@ -77,7 +77,7 @@ eap inner-eap {
# certificates. If so, edit this file.
ca_file = ${cadir}/ca.pem
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
# You may want to set a very small fragment size.
# The TLS data here needs to go inside of the
diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
index b8d0626bbe..073b2933c2 100644
--- a/raddb/sites-available/abfab-tls
+++ b/raddb/sites-available/abfab-tls
@@ -20,7 +20,7 @@ listen {
dh_file = ${certdir}/dh
fragment_size = 8192
ca_path = ${cadir}
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
cache {
enable = no
lifetime = 24 # hours
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
index bbc761b1c5..83cd35b851 100644
--- a/raddb/sites-available/tls
+++ b/raddb/sites-available/tls
@@ -215,7 +215,7 @@ listen {
# Set this option to specify the allowed
# TLS cipher suites. The format is listed
# in "man 1 ciphers".
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
# If enabled, OpenSSL will use server cipher list
# (possibly defined by cipher_list option above)
@@ -517,7 +517,7 @@ home_server tls {
# Set this option to specify the allowed
# TLS cipher suites. The format is listed
# in "man 1 ciphers".
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
}
}
--
2.21.0