Andreas Vetter
63b64b2323
- Enable crypto-policies support: [bsc#1211301]
* The system's crypto-policies are the best source to determine
which cipher suites to accept in TLS. OpenSSL supports the
PROFILE=SYSTEM setting to use those policies. Change stunnel
to default to the system settings.
* Add patches:
- stunnel-5.69-system-ciphers.patch
- stunnel-5.69-default-tls-version.patch
- Enable bash completion support
OBS-URL: https://build.opensuse.org/request/show/1109525
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=166
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
From 6c8c4c8c85204943223b251d09ca1e93571a437a Mon Sep 17 00:00:00 2001
|
|
From: Sahana Prasad <sprasad@localhost.localdomain>
|
|
Date: Mon, 12 Sep 2022 11:07:38 +0200
|
|
Subject: [PATCH 3/7] Use cipher configuration from crypto-policies
|
|
|
|
On Fedora, CentOS and RHEL, the system's crypto policies are the best
|
|
source to determine which cipher suites to accept in TLS. On these
|
|
platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
|
|
policies. Change stunnel to default to this setting.
|
|
|
|
Co-Authored-by: Sahana Prasad <shebburn@redhat.com>
|
|
Patch-name: stunnel-5.69-system-ciphers.patch
|
|
Patch-id: 3
|
|
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
|
|
---
|
|
src/options.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/options.c b/src/options.c
|
|
index 6e4a18b..4d31815 100644
|
|
--- a/src/options.c
|
|
+++ b/src/options.c
|
|
@@ -321,9 +321,9 @@ static const char *option_not_found=
|
|
"Specified option name is not valid here";
|
|
|
|
static const char *stunnel_cipher_list=
|
|
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
|
|
+ "PROFILE=SYSTEM";
|
|
static const char *fips_cipher_list=
|
|
- "FIPS:!DH:!kDHEPSK";
|
|
+ "PROFILE=SYSTEM";
|
|
|
|
#ifndef OPENSSL_NO_TLS1_3
|
|
static const char *stunnel_ciphersuites=
|
|
--
|
|
2.39.2
|
|
|