forked from pool/openssl-1_1
66 lines
3.3 KiB
Diff
66 lines
3.3 KiB
Diff
|
Index: openssl-1.1.1-pre9/ssl/ssl_ciph.c
|
||
|
===================================================================
|
||
|
--- openssl-1.1.1-pre9.orig/ssl/ssl_ciph.c 2018-08-21 14:14:15.000000000 +0200
|
||
|
+++ openssl-1.1.1-pre9/ssl/ssl_ciph.c 2018-08-24 11:06:56.552423004 +0200
|
||
|
@@ -1567,7 +1567,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||
|
*/
|
||
|
ok = 1;
|
||
|
rule_p = rule_str;
|
||
|
- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
|
||
|
+ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
|
||
|
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
|
||
|
+ &head, &tail, ca_list, c);
|
||
|
+ rule_p += 12;
|
||
|
+ if (*rule_p == ':')
|
||
|
+ rule_p++;
|
||
|
+ }
|
||
|
+ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
|
||
|
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
|
||
|
&head, &tail, ca_list, c);
|
||
|
rule_p += 7;
|
||
|
Index: openssl-1.1.1-pre9/include/openssl/ssl.h
|
||
|
===================================================================
|
||
|
--- openssl-1.1.1-pre9.orig/include/openssl/ssl.h 2018-08-21 14:14:15.000000000 +0200
|
||
|
+++ openssl-1.1.1-pre9/include/openssl/ssl.h 2018-08-24 11:14:42.067529045 +0200
|
||
|
@@ -171,6 +171,12 @@ extern "C" {
|
||
|
* This applies to ciphersuites for TLSv1.2 and below.
|
||
|
*/
|
||
|
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
|
||
|
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:"\
|
||
|
+ "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
|
||
|
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
|
||
|
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
|
||
|
+ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
|
||
|
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
|
||
|
/* This is the default set of TLSv1.3 ciphersuites */
|
||
|
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
|
||
|
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
|
||
|
Index: openssl-1.1.1-pre9/test/recipes/99-test_suse_default_ciphers.t
|
||
|
===================================================================
|
||
|
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||
|
+++ openssl-1.1.1-pre9/test/recipes/99-test_suse_default_ciphers.t 2018-08-24 11:46:43.464529473 +0200
|
||
|
@@ -0,0 +1,23 @@
|
||
|
+#! /usr/bin/env perl
|
||
|
+
|
||
|
+use strict;
|
||
|
+use warnings;
|
||
|
+
|
||
|
+use OpenSSL::Test qw/:DEFAULT/;
|
||
|
+use OpenSSL::Test::Utils;
|
||
|
+
|
||
|
+setup("test_default_ciphersuites");
|
||
|
+
|
||
|
+plan tests => 6;
|
||
|
+
|
||
|
+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
|
||
|
+
|
||
|
+foreach my $cipherlist (@cipher_suites) {
|
||
|
+ ok(run(app(["openssl", "ciphers", "-s", $cipherlist])),
|
||
|
+ "openssl ciphers works with ciphersuite $cipherlist");
|
||
|
+ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "-s", $cipherlist]), capture => 1)),
|
||
|
+ "$cipherlist shouldn't contain MD5, DES or RC4\n");
|
||
|
+ ok(grep(/(TLSv1.3)/, run(app(["openssl", "ciphers", "-tls1_3", "-s", "-v", $cipherlist]), capture => 1)),
|
||
|
+ "$cipherlist should contain TLSv1.3 ciphers\n");
|
||
|
+}
|
||
|
+
|