rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity
fd03d5ee37
httpd/httpd-2.4.17-sslciphdefault.patch

34 lines
1.3 KiB
Diff
Raw Normal View History

update to 2.4.17 (#1271224) - build, load mod_http2 - don't build mod_asis, mod_file_cache - load mod_cache_socache, mod_proxy_wstunnel by default - check every built mod_* is configured - synch ssl.conf with upstream; disable SSLv3 by default Resolves: rhbz#1271224
2015-10-14 08:06:30 +00:00
https://bugzilla.redhat.com/show_bug.cgi?id=1109119
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
--- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault
+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c
@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- /* always disable null and export ciphers */
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
+ /* Disable null and export ciphers by default, except for PROFILE=
+ * configs where the parser doesn't cope. */
+ if (strncmp(arg, "PROFILE=", 8) != 0)
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
if (cmd->path) {
dc->szCipherSuite = arg;
@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- /* always disable null and export ciphers */
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
+ /* Disable null and export ciphers by default, except for PROFILE=
+ * configs where the parser doesn't cope. */
+ if (strncmp(arg, "PROFILE=", 8) != 0)
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
sc->proxy->auth.cipher_suite = arg;
Reference in New Issue Copy Permalink