rpms/perl-IO-Socket-SSL
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Default to PROFILE=SYSTEM cipher list

Browse Source 
An OpenSSL identifier for a system-wide cryptopolicy cipher list is
"PROFILE=SYSTEM". "DEFAULT" is a different list.

<https://fedoraproject.org/wiki/Packaging:CryptoPolicies#C.2FC.2B.2B_applications>
This commit is contained in:
Petr Písař 2019-11-25 12:18:23 +01:00
parent 3932ca2980
commit 2ad02b78ad
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
View File

@ -12,7 +12,7 @@
+ # Use system-wide default cipher list to support use of system-wide
+ # crypto policy (#1076390, #1127577, CPAN RT#97816)
+ # https://fedoraproject.org/wiki/Changes/CryptoPolicy
+ SSL_cipher_list => 'DEFAULT',
+ SSL_cipher_list => 'PROFILE=SYSTEM',
);
my %DEFAULT_SSL_CLIENT_ARGS = (
@ -93,7 +93,7 @@
-To use the less secure OpenSSL builtin default (whatever this is) set
-SSL_cipher_list to ''.
+recommended to leave this option at the default setting, which honors the
+system-wide DEFAULT cipher list.
+system-wide PROFILE=SYSTEM cipher list.
In case different cipher lists are needed for different SNI hosts a hash can be
given with the host as key and the cipher suite as value, similar to

5
perl-IO-Socket-SSL.spec
View File

@ -1,6 +1,6 @@
Name: perl-IO-Socket-SSL
Version: 2.066
Release: 6%{?dist}
Release: 7%{?dist}
Summary: Perl library for transparent SSL
License: (GPL+ or Artistic) and MPLv2.0
URL: https://metacpan.org/release/IO-Socket-SSL
@ -115,6 +115,9 @@ make test
%{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
%changelog
* Mon Nov 25 2019 Petr Pisar <ppisar@redhat.com> - 2.066-7
- Default to PROFILE=SYSTEM cipher list (bug #1775167)
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.066-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild