3505ea6700
Four patches are not being applied due to failures in the build and/or applying them: - openssl-1.1.1-fips.patch - openssl-1.1.1-fips-post-rand.patch - openssl-1.1.1-evp-kdf.patch - openssl-1.1.1-ssh-kdf.patch Mind that fips related patches were not applied in the previously version either. Resolves: rhbz#1740772 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
58 lines
1.5 KiB
Diff
58 lines
1.5 KiB
Diff
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
|
|
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
|
|
+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
|
|
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
|
SSL_GOST89MAC,
|
|
TLS1_VERSION, TLS1_2_VERSION,
|
|
0, 0,
|
|
- SSL_HIGH,
|
|
+ SSL_MEDIUM,
|
|
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
|
|
256,
|
|
256,
|
|
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
|
SSL_GOST89MAC12,
|
|
TLS1_VERSION, TLS1_2_VERSION,
|
|
0, 0,
|
|
- SSL_HIGH,
|
|
+ SSL_MEDIUM,
|
|
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
|
|
256,
|
|
256,
|
|
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
|
},
|
|
#endif /* OPENSSL_NO_SEED */
|
|
|
|
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
|
+#if 0 /* No MD5 ciphersuites */
|
|
{
|
|
1,
|
|
SSL3_TXT_RSA_RC4_128_MD5,
|
|
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
|
128,
|
|
128,
|
|
},
|
|
+#endif
|
|
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
|
{
|
|
1,
|
|
SSL3_TXT_RSA_RC4_128_SHA,
|
|
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
|
128,
|
|
128,
|
|
},
|
|
+#endif
|
|
+#if 0
|
|
{
|
|
1,
|
|
SSL3_TXT_ADH_RC4_128_MD5,
|
|
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
|
128,
|
|
128,
|
|
},
|
|
+#endif
|
|
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
|
{
|
|
1,
|
|
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
|