bcollet/socat
1
0
Fork 0
mirror of https://repo.or.cz/socat.git synced 2024-12-22 15:32:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Red Hat issue 1019972: needs to specify OpenSSL cipher suites

Browse source
This commit is contained in:
Gerhard Rieger 2014-11-23 13:48:05 +01:00
parent d4c44ff649
commit 899bc6845d
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -32,6 +32,10 @@ security:
Red Hat issue 1019964: socat now uses the system certificate store with
OPENSSL when neither options cafile nor capath are used
Red Hat issue 1019972: needs to specify OpenSSL cipher suites
Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
prevent downgrade attacks
new features:
OpenSSL addresses set couple of environment variables from values in
peer certificate, e.g.:

2
xio-openssl.c
View file

@ -717,7 +717,7 @@ int
bool opt_fips = false;
const SSL_METHOD *method;
char *me_str = NULL; /* method string */
char *ci_str = NULL; /* cipher string */
char *ci_str = "HIGH:-NULL:-PSK:-aNULL"; /* cipher string */
char *opt_key = NULL; /* file name of client private key */
char *opt_dhparam = NULL; /* file name of DH params */
char *opt_cafile = NULL; /* certificate authority file */