Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
compat-openssl098.32473
openssl-add_DEFAULT_SUSE_cipher_list.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-add_DEFAULT_SUSE_cipher_list.patch of Package compat-openssl098.32473
Index: openssl-0.9.8j/ssl/ssl.h =================================================================== --- openssl-0.9.8j.orig/ssl/ssl.h 2017-04-18 17:29:45.151203872 +0200 +++ openssl-0.9.8j/ssl/ssl.h 2017-04-18 17:29:45.179204314 +0200 @@ -323,6 +323,9 @@ extern "C" { * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ #define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:!EXP:+RC4:@STRENGTH" /* low priority for RC4 */ +#define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ + "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA" /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 Index: openssl-0.9.8j/ssl/ssl_ciph.c =================================================================== --- openssl-0.9.8j.orig/ssl/ssl_ciph.c 2017-04-18 17:29:45.019201786 +0200 +++ openssl-0.9.8j/ssl/ssl_ciph.c 2017-04-18 17:29:45.179204314 +0200 @@ -1021,7 +1021,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ */ ok = 1; rule_p = rule_str; - if (strncmp(rule_str,"DEFAULT",7) == 0) + + if (strncmp(rule_str,"DEFAULT_SUSE",12) == 0) + { + ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST, + co_list, &head, &tail, ca_list); + rule_p += 12; + if (*rule_p == ':') + rule_p++; + } + + else if (strncmp(rule_str,"DEFAULT",7) == 0) { ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, co_list, &head, &tail, ca_list); Index: openssl-0.9.8j/test/testssl =================================================================== --- openssl-0.9.8j.orig/test/testssl 2005-02-02 00:48:36.000000000 +0100 +++ openssl-0.9.8j/test/testssl 2017-04-18 17:29:45.179204314 +0200 @@ -119,6 +119,25 @@ $ssltest -bio_pair -server_auth -client_ echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 +echo "Testing default ciphersuites" + +for cipher_suite in DEFAULT_SUSE DEFAULT; do + ../util/shlib_wrap.sh ../apps/openssl ciphers $cipher_suite + if [ $? -ne 0 ]; then + echo "Failed default ciphersuite $cipher_suite" + exit 1 + fi +done + +echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite" +../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES-[^CBC3]" + +if [ $? -ne 1 ];then + echo "weak ciphers are present on DEFAULT_SUSE cipher suite" + exit 1 +fi + + ############################################################################# if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor