Red Hat issue 1019972: needs to specify OpenSSL cipher suites

This commit is contained in:
Gerhard Rieger 2014-11-23 13:48:05 +01:00
parent d4c44ff649
commit 899bc6845d
2 changed files with 5 additions and 1 deletions

View file

@ -32,6 +32,10 @@ security:
Red Hat issue 1019964: socat now uses the system certificate store with Red Hat issue 1019964: socat now uses the system certificate store with
OPENSSL when neither options cafile nor capath are used OPENSSL when neither options cafile nor capath are used
Red Hat issue 1019972: needs to specify OpenSSL cipher suites
Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
prevent downgrade attacks
new features: new features:
OpenSSL addresses set couple of environment variables from values in OpenSSL addresses set couple of environment variables from values in
peer certificate, e.g.: peer certificate, e.g.:

View file

@ -717,7 +717,7 @@ int
bool opt_fips = false; bool opt_fips = false;
const SSL_METHOD *method; const SSL_METHOD *method;
char *me_str = NULL; /* method string */ char *me_str = NULL; /* method string */
char *ci_str = NULL; /* cipher string */ char *ci_str = "HIGH:-NULL:-PSK:-aNULL"; /* cipher string */
char *opt_key = NULL; /* file name of client private key */ char *opt_key = NULL; /* file name of client private key */
char *opt_dhparam = NULL; /* file name of DH params */ char *opt_dhparam = NULL; /* file name of DH params */
char *opt_cafile = NULL; /* certificate authority file */ char *opt_cafile = NULL; /* certificate authority file */