35 lines
1.3 KiB
Diff
35 lines
1.3 KiB
Diff
|
|
||
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1109119
|
||
|
|
|
||
|
|
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
|
||
|
|
|
||
|
|
--- httpd-2.4.34/modules/ssl/ssl_engine_config.c.sslciphdefault
|
||
|
|
+++ httpd-2.4.34/modules/ssl/ssl_engine_config.c
|
||
|
|
@@ -774,9 +774,11 @@
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!strcmp("SSL", arg1)) {
|
||
|
|
- /* always disable null and export ciphers */
|
||
|
|
- arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
||
|
|
if (cmd->path) {
|
||
|
|
+ /* Disable null and export ciphers by default, except for PROFILE=
|
||
|
|
+ * configs where the parser doesn't cope. */
|
||
|
|
+ if (strncmp(arg2, "PROFILE=", 8) != 0)
|
||
|
|
+ arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
||
|
|
dc->szCipherSuite = arg2;
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
@@ -1540,8 +1542,10 @@
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!strcmp("SSL", arg1)) {
|
||
|
|
- /* always disable null and export ciphers */
|
||
|
|
- arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
||
|
|
+ /* Disable null and export ciphers by default, except for PROFILE=
|
||
|
|
+ * configs where the parser doesn't cope. */
|
||
|
|
+ if (strncmp(arg2, "PROFILE=", 8) != 0)
|
||
|
|
+ arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
|
||
|
|
dc->proxy->auth.cipher_suite = arg2;
|
||
|
|
return NULL;
|
||
|
|
}
|