This patch became obsolete since we use OpenSSL 1.1.x in Core Update 120 and onward, where a similar patch already exists.
Signed-off-by: Peter Müller peter.mueller@link38.eu --- src/patches/openssl-1.0.2h-weak-ciphers.patch | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 src/patches/openssl-1.0.2h-weak-ciphers.patch
diff --git a/src/patches/openssl-1.0.2h-weak-ciphers.patch b/src/patches/openssl-1.0.2h-weak-ciphers.patch deleted file mode 100644 index d1ec6a2af..000000000 --- a/src/patches/openssl-1.0.2h-weak-ciphers.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h ---- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 -@@ -338,7 +338,7 @@ - * The following cipher list is used by default. It also is substituted when - * an application-defined cipher list string starts with 'DEFAULT'. - */ --# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" - /* - * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always - * starts with a reasonable order, and all we have to do for DEFAULT is
Hello,
this patch is actually used in lfs/openssl-compat.
We still ship the old version since some add-ons and some old (self-compiled) binaries might still be linked against this. It is to be determined for how long we will continue to ship both versions.
Best, -Michael
On Sat, 2018-03-24 at 15:59 +0100, Peter Müller wrote:
This patch became obsolete since we use OpenSSL 1.1.x in Core Update 120 and onward, where a similar patch already exists.
Signed-off-by: Peter Müller peter.mueller@link38.eu
src/patches/openssl-1.0.2h-weak-ciphers.patch | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 src/patches/openssl-1.0.2h-weak-ciphers.patch
diff --git a/src/patches/openssl-1.0.2h-weak-ciphers.patch b/src/patches/openssl-1.0.2h-weak-ciphers.patch deleted file mode 100644 index d1ec6a2af..000000000 --- a/src/patches/openssl-1.0.2h-weak-ciphers.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h ---- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 -@@ -338,7 +338,7 @@
- The following cipher list is used by default. It also is substituted when
- an application-defined cipher list string starts with 'DEFAULT'.
- */
--# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
- /*
- As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- starts with a reasonable order, and all we have to do for DEFAULT is
Hello,
thanks, I was missing that. Please drop this patch.
Best regards, Peter Müller
Hello,
this patch is actually used in lfs/openssl-compat.
We still ship the old version since some add-ons and some old (self-compiled) binaries might still be linked against this. It is to be determined for how long we will continue to ship both versions.
Best, -Michael
On Sat, 2018-03-24 at 15:59 +0100, Peter Müller wrote:
This patch became obsolete since we use OpenSSL 1.1.x in Core Update 120 and onward, where a similar patch already exists.
Signed-off-by: Peter Müller peter.mueller@link38.eu
src/patches/openssl-1.0.2h-weak-ciphers.patch | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 src/patches/openssl-1.0.2h-weak-ciphers.patch
diff --git a/src/patches/openssl-1.0.2h-weak-ciphers.patch b/src/patches/openssl-1.0.2h-weak-ciphers.patch deleted file mode 100644 index d1ec6a2af..000000000 --- a/src/patches/openssl-1.0.2h-weak-ciphers.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h ---- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 -@@ -338,7 +338,7 @@
- The following cipher list is used by default. It also is substituted when
- an application-defined cipher list string starts with 'DEFAULT'.
- */
--# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
- /*
- As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- starts with a reasonable order, and all we have to do for DEFAULT is