diff options
Diffstat (limited to 'patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch')
-rw-r--r-- | patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch b/patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch deleted file mode 100644 index 2377d8017..000000000 --- a/patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> -Date: Tue, 20 Mar 2018 22:07:30 +0100 -Subject: [PATCH] Set systemwide default settings for libssl users - -This config change enforeces a TLS1.2 protocol version as minimum. It -can be overwritten by the system administrator. - -It also changes the default security level from 1 to 2, moving from the 80 bit -security level to the 112 bit security level. - -Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> - -Imported from openssl_1.1.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - apps/openssl.cnf | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 4acca4b0446f..a6fed92a2e75 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -15,6 +15,9 @@ HOME = . - #oid_file = $ENV::HOME/.oid - oid_section = new_oids - -+# System default -+openssl_conf = default_conf -+ - # To use this configuration file with the "-extfile" option of the - # "openssl x509" utility, name here the section containing the - # X.509v3 extensions to use: -@@ -348,3 +351,12 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) - ess_cert_id_alg = sha1 # algorithm to compute certificate - # identifier (optional, default: sha1) -+[default_conf] -+ssl_conf = ssl_sect -+ -+[ssl_sect] -+system_default = system_default_sect -+ -+[system_default_sect] -+MinProtocol = TLSv1.2 -+CipherString = DEFAULT@SECLEVEL=2 |