added appropriate values to ssl_ciphers (dh and ecdh patches)

vsftpd-3.0.2-dh.patch

@@ -1,6 +1,6 @@
 diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c
---- vsftpd-3.0.2/parseconf.c.dh	2014-06-04 09:54:43.364747051 +0200
+--- vsftpd-3.0.2/parseconf.c.dh	2014-09-15 15:07:43.719909056 +0200
-+++ vsftpd-3.0.2/parseconf.c	2014-06-04 09:54:43.368747052 +0200
++++ vsftpd-3.0.2/parseconf.c	2014-09-15 15:07:43.724909061 +0200
 @@ -176,6 +176,7 @@ parseconf_str_array[] =
    { "email_password_file", &tunable_email_password_file },
    { "rsa_cert_file", &tunable_rsa_cert_file },
@@ -11,7 +11,7 @@ diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c
    { "dsa_private_key_file", &tunable_dsa_private_key_file },
 diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
 --- vsftpd-3.0.2/ssl.c.dh	2012-04-03 02:23:42.000000000 +0200
-+++ vsftpd-3.0.2/ssl.c	2014-06-04 09:55:59.443770325 +0200
++++ vsftpd-3.0.2/ssl.c	2014-09-15 15:07:43.725909062 +0200
 @@ -28,6 +28,8 @@
  #include <openssl/err.h>
  #include <openssl/rand.h>
@@ -155,8 +155,8 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
  ssl_add_entropy(struct vsf_session* p_sess)
  {
 diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c
---- vsftpd-3.0.2/tunables.c.dh	2014-06-04 09:54:43.364747051 +0200
+--- vsftpd-3.0.2/tunables.c.dh	2014-09-15 15:07:43.720909057 +0200
-+++ vsftpd-3.0.2/tunables.c	2014-06-04 09:54:43.369747052 +0200
++++ vsftpd-3.0.2/tunables.c	2014-09-15 15:12:46.516209941 +0200
 @@ -140,6 +140,7 @@ const char* tunable_user_sub_token;
  const char* tunable_email_password_file;
  const char* tunable_rsa_cert_file;
@@ -165,17 +165,20 @@ diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c
  const char* tunable_ssl_ciphers;
  const char* tunable_rsa_private_key_file;
  const char* tunable_dsa_private_key_file;
-@@ -288,6 +289,7 @@ tunables_load_defaults()
+@@ -288,7 +289,9 @@ tunables_load_defaults()
    install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
                        &tunable_rsa_cert_file);
    install_str_setting(0, &tunable_dsa_cert_file);
+-  install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
 +  install_str_setting(0, &tunable_dh_param_file);
-   install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
++  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA",
++                      &tunable_ssl_ciphers);
    install_str_setting(0, &tunable_rsa_private_key_file);
    install_str_setting(0, &tunable_dsa_private_key_file);
+   install_str_setting(0, &tunable_ca_certs_file);
 diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h
---- vsftpd-3.0.2/tunables.h.dh	2014-06-04 09:54:43.364747051 +0200
+--- vsftpd-3.0.2/tunables.h.dh	2014-09-15 15:07:43.720909057 +0200
-+++ vsftpd-3.0.2/tunables.h	2014-06-04 09:54:43.369747052 +0200
++++ vsftpd-3.0.2/tunables.h	2014-09-15 15:07:43.725909062 +0200
 @@ -142,6 +142,7 @@ extern const char* tunable_user_sub_toke
  extern const char* tunable_email_password_file;
  extern const char* tunable_rsa_cert_file;
@@ -185,8 +188,8 @@ diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h
  extern const char* tunable_rsa_private_key_file;
  extern const char* tunable_dsa_private_key_file;
 diff -up vsftpd-3.0.2/vsftpd.conf.5.dh vsftpd-3.0.2/vsftpd.conf.5
---- vsftpd-3.0.2/vsftpd.conf.5.dh	2014-06-04 09:54:43.364747051 +0200
+--- vsftpd-3.0.2/vsftpd.conf.5.dh	2014-09-15 15:07:43.720909057 +0200
-+++ vsftpd-3.0.2/vsftpd.conf.5	2014-06-04 09:54:43.369747052 +0200
++++ vsftpd-3.0.2/vsftpd.conf.5	2014-09-15 15:07:43.725909062 +0200
 @@ -893,6 +893,12 @@ to be in the same file as the certificat
  
  Default: (none)

vsftpd-3.0.2-ecdh.patch

@@ -1,6 +1,6 @@
 diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c
---- vsftpd-3.0.2/parseconf.c.ecdh	2014-06-04 09:56:56.358788746 +0200
+--- vsftpd-3.0.2/parseconf.c.ecdh	2014-09-15 15:49:48.801315298 +0200
-+++ vsftpd-3.0.2/parseconf.c	2014-06-04 09:56:56.360788747 +0200
++++ vsftpd-3.0.2/parseconf.c	2014-09-15 15:49:48.804315301 +0200
 @@ -177,6 +177,7 @@ parseconf_str_array[] =
    { "rsa_cert_file", &tunable_rsa_cert_file },
    { "dsa_cert_file", &tunable_dsa_cert_file },
@@ -10,8 +10,8 @@ diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c
    { "rsa_private_key_file", &tunable_rsa_private_key_file },
    { "dsa_private_key_file", &tunable_dsa_private_key_file },
 diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c
---- vsftpd-3.0.2/ssl.c.ecdh	2014-06-04 09:56:56.358788746 +0200
+--- vsftpd-3.0.2/ssl.c.ecdh	2014-09-15 15:49:48.802315299 +0200
-+++ vsftpd-3.0.2/ssl.c	2014-06-04 09:56:56.360788747 +0200
++++ vsftpd-3.0.2/ssl.c	2014-09-15 15:49:48.804315301 +0200
 @@ -122,7 +122,7 @@ ssl_init(struct vsf_session* p_sess)
      {
        die("SSL: could not allocate SSL context");
@@ -64,8 +64,8 @@ diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c
      ssl_inited = 1;
    }
 diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c
---- vsftpd-3.0.2/tunables.c.ecdh	2014-06-04 09:56:56.358788746 +0200
+--- vsftpd-3.0.2/tunables.c.ecdh	2014-09-15 15:49:48.802315299 +0200
-+++ vsftpd-3.0.2/tunables.c	2014-06-04 09:56:56.361788747 +0200
++++ vsftpd-3.0.2/tunables.c	2014-09-15 15:51:13.176386035 +0200
 @@ -141,6 +141,7 @@ const char* tunable_email_password_file;
  const char* tunable_rsa_cert_file;
  const char* tunable_dsa_cert_file;
@@ -74,17 +74,19 @@ diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c
  const char* tunable_ssl_ciphers;
  const char* tunable_rsa_private_key_file;
  const char* tunable_dsa_private_key_file;
-@@ -290,6 +291,7 @@ tunables_load_defaults()
+@@ -290,7 +291,8 @@ tunables_load_defaults()
                        &tunable_rsa_cert_file);
    install_str_setting(0, &tunable_dsa_cert_file);
    install_str_setting(0, &tunable_dh_param_file);
+-  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA",
 +  install_str_setting(0, &tunable_ecdh_param_file);
-   install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
++  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA",
+                       &tunable_ssl_ciphers);
    install_str_setting(0, &tunable_rsa_private_key_file);
    install_str_setting(0, &tunable_dsa_private_key_file);
 diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h
---- vsftpd-3.0.2/tunables.h.ecdh	2014-06-04 09:56:56.359788746 +0200
+--- vsftpd-3.0.2/tunables.h.ecdh	2014-09-15 15:49:48.802315299 +0200
-+++ vsftpd-3.0.2/tunables.h	2014-06-04 09:56:56.361788747 +0200
++++ vsftpd-3.0.2/tunables.h	2014-09-15 15:49:48.804315301 +0200
 @@ -143,6 +143,7 @@ extern const char* tunable_email_passwor
  extern const char* tunable_rsa_cert_file;
  extern const char* tunable_dsa_cert_file;
@@ -94,9 +96,9 @@ diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h
  extern const char* tunable_rsa_private_key_file;
  extern const char* tunable_dsa_private_key_file;
 diff -up vsftpd-3.0.2/vsftpd.conf.5.ecdh vsftpd-3.0.2/vsftpd.conf.5
---- vsftpd-3.0.2/vsftpd.conf.5.ecdh	2014-06-04 09:56:56.359788746 +0200
+--- vsftpd-3.0.2/vsftpd.conf.5.ecdh	2014-09-15 15:49:48.802315299 +0200
-+++ vsftpd-3.0.2/vsftpd.conf.5	2014-06-04 09:56:56.361788747 +0200
++++ vsftpd-3.0.2/vsftpd.conf.5	2014-09-15 15:49:48.806315302 +0200
-@@ -899,6 +899,14 @@ ephemeral Diffie-Hellman key exchange in
+@@ -899,6 +915,14 @@ ephemeral Diffie-Hellman key exchange in
  
  Default: (none - use built in parameters appropriate for certificate key size)
  .TP

vsftpd.spec

@@ -3,7 +3,7 @@
 
 Name: vsftpd
 Version: 3.0.2
-Release: 12%{?dist}
+Release: 13%{?dist}
 Summary: Very Secure Ftp Daemon
 
 Group: System Environment/Daemons
@@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_var}/ftp
 
 %changelog
+* Tue Sep 16 2014 Jiri Skala <jskala@redhat.com> - 3.0.2-13
+- added appropriate values to ssl_ciphers (dh and ecdh patches)
+
 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0.2-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild