b629b66276
- Synced patches with native openssl-1.0.1e-38.fc21 - Enable ECC support (RHBZ #1037919) - Fixes CVE-2013-6450 (RHBZ #1047844) - Fixes CVE-2013-4353 (RHBZ #1049062) - Fixes CVE-2013-6449 (RHBZ #1045444)
13 lines
745 B
Diff
13 lines
745 B
Diff
diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
|
|
--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100
|
|
+++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100
|
|
@@ -331,7 +331,7 @@ extern "C" {
|
|
/* The following cipher list is used by default.
|
|
* It also is substituted when an application-defined cipher list string
|
|
* starts with 'DEFAULT'. */
|
|
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
|
|
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
|
|
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
|
* starts with a reasonable order, and all we have to do for DEFAULT is
|
|
* throwing out anonymous and unencrypted ciphersuites!
|