Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-1.0.1e-add-suse-default-cipher-header.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-1.0.1e-add-suse-default-cipher-header.patch of Package openssl1
Index: openssl-1.0.1i-old/ssl/ssl.h =================================================================== --- openssl-1.0.1i-old.orig/ssl/ssl.h 2014-08-06 23:15:58.000000000 +0200 +++ openssl-1.0.1i-old/ssl/ssl.h 2017-11-03 12:55:41.478881926 +0100 @@ -332,7 +332,12 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES" +#define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\ +"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ + "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA" + /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is * throwing out anonymous and unencrypted ciphersuites!