From 6c8c4c8c85204943223b251d09ca1e93571a437a Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sprasad@localhost.localdomain>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 3/7] Use cipher configuration from crypto-policies

On Fedora, CentOS and RHEL, the system's crypto policies are the best
source to determine which cipher suites to accept in TLS. On these
platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
policies. Change stunnel to default to this setting.

Co-Authored-by: Sahana Prasad <shebburn@redhat.com>
Patch-name: stunnel-5.69-system-ciphers.patch
Patch-id: 3
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
 src/options.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/options.c b/src/options.c
index 6e4a18b..4d31815 100644
--- a/src/options.c
+++ b/src/options.c
@@ -321,9 +321,9 @@ static const char *option_not_found=
     "Specified option name is not valid here";
 
 static const char *stunnel_cipher_list=
-    "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+    "PROFILE=SYSTEM";
 static const char *fips_cipher_list=
-    "FIPS:!DH:!kDHEPSK";
+    "PROFILE=SYSTEM";
 
 #ifndef OPENSSL_NO_TLS1_3
 static const char *stunnel_ciphersuites=
-- 
2.39.2