2023-11-28 12:04:23 +01:00
|
|
|
Index: openssl-3.2.0/test/recipes/99-test_suse_default_ciphers.t
|
2020-04-24 10:03:40 +02:00
|
|
|
===================================================================
|
2020-10-15 21:22:03 +02:00
|
|
|
--- /dev/null
|
2023-11-28 12:04:23 +01:00
|
|
|
+++ openssl-3.2.0/test/recipes/99-test_suse_default_ciphers.t
|
2020-04-24 10:03:40 +02:00
|
|
|
@@ -0,0 +1,23 @@
|
|
|
|
|
+#! /usr/bin/env perl
|
|
|
|
|
+
|
|
|
|
|
+use strict;
|
|
|
|
|
+use warnings;
|
|
|
|
|
+
|
|
|
|
|
+use OpenSSL::Test qw/:DEFAULT/;
|
|
|
|
|
+use OpenSSL::Test::Utils;
|
|
|
|
|
+
|
|
|
|
|
+setup("test_default_ciphersuites");
|
|
|
|
|
+
|
|
|
|
|
+plan tests => 6;
|
|
|
|
|
+
|
|
|
|
|
+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
|
|
|
|
|
+
|
|
|
|
|
+foreach my $cipherlist (@cipher_suites) {
|
|
|
|
|
+ ok(run(app(["openssl", "ciphers", "-s", $cipherlist])),
|
|
|
|
|
+ "openssl ciphers works with ciphersuite $cipherlist");
|
|
|
|
|
+ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "-s", $cipherlist]), capture => 1)),
|
|
|
|
|
+ "$cipherlist shouldn't contain MD5, DES or RC4\n");
|
|
|
|
|
+ ok(grep(/(TLSv1.3)/, run(app(["openssl", "ciphers", "-tls1_3", "-s", "-v", $cipherlist]), capture => 1)),
|
|
|
|
|
+ "$cipherlist should contain TLSv1.3 ciphers\n");
|
|
|
|
|
+}
|
|
|
|
|
+
|
2023-11-28 12:04:23 +01:00
|
|
|
Index: openssl-3.2.0/include/openssl/ssl.h.in
|
2020-10-15 21:22:03 +02:00
|
|
|
===================================================================
|
2023-11-28 12:04:23 +01:00
|
|
|
--- openssl-3.2.0.orig/include/openssl/ssl.h.in
|
|
|
|
|
+++ openssl-3.2.0/include/openssl/ssl.h.in
|
|
|
|
|
@@ -194,6 +194,11 @@ extern "C" {
|
2020-10-15 21:22:03 +02:00
|
|
|
*/
|
|
|
|
|
# ifndef OPENSSL_NO_DEPRECATED_3_0
|
|
|
|
|
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
|
|
|
|
|
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
|
|
|
|
|
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
|
|
|
|
|
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
|
|
|
|
|
+ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
|
|
|
|
|
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
|
|
|
|
|
/*
|
|
|
|
|
* This is the default set of TLSv1.3 ciphersuites
|
|
|
|
|
* DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()
|
2023-11-28 12:04:23 +01:00
|
|
|
Index: openssl-3.2.0/ssl/ssl_ciph.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- openssl-3.2.0.orig/ssl/ssl_ciph.c
|
|
|
|
|
+++ openssl-3.2.0/ssl/ssl_ciph.c
|
|
|
|
|
@@ -1623,7 +1623,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
|
|
|
|
*/
|
|
|
|
|
ok = 1;
|
|
|
|
|
rule_p = rule_str;
|
|
|
|
|
- if (HAS_PREFIX(rule_str, "DEFAULT")) {
|
|
|
|
|
+ if (HAS_PREFIX(rule_str, "DEFAULT_SUSE")) {
|
|
|
|
|
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
|
|
|
|
|
+ &head, &tail, ca_list, c);
|
|
|
|
|
+ rule_p += 12;
|
|
|
|
|
+ if (*rule_p == ':')
|
|
|
|
|
+ rule_p++;
|
|
|
|
|
+ }
|
|
|
|
|
+ else if (HAS_PREFIX(rule_str, "DEFAULT")) {
|
|
|
|
|
ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(),
|
|
|
|
|
&head, &tail, ca_list, c);
|
|
|
|
|
rule_p += 7;
|
