File curl-use_DEFAULT_SUSE_cipher.patch of Package curl.13026
Index: curl-7.60.0/lib/vtls/openssl.c
===================================================================
--- curl-7.60.0.orig/lib/vtls/openssl.c 2018-08-13 14:27:34.073518809 +0200
+++ curl-7.60.0/lib/vtls/openssl.c 2018-08-13 14:43:16.936008597 +0200
@@ -178,7 +178,7 @@ static unsigned long OpenSSL_version_num
/* up2date versions of OpenSSL maintain the default reasonably secure without
* breaking compatibility, so it is better not to override the default by curl
*/
-#define DEFAULT_CIPHER_SELECTION NULL
+#define DEFAULT_CIPHER_SELECTION "DEFAULT_SUSE"
#else
/* ... but it is not the case with old versions of OpenSSL */
#define DEFAULT_CIPHER_SELECTION \
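Review bot: The context comment above the changed `#define` still says it is better for curl not to override the OpenSSL default, which the new value `"DEFAULT_SUSE"` now contradicts. It should be rewritten to say what this branch does, for example `/* SUSE: select the distribution's DEFAULT_SUSE cipher alias; ossl_connect_step1 falls back to "HIGH" when the linked OpenSSL does not know it */`. The `#if` that guards this branch is outside the hunk, so the OpenSSL versions it applies to cannot be checked from here.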
@@ -2394,8 +2394,18 @@ static CURLcode ossl_connect_step1(struc
ciphers = (char *)DEFAULT_CIPHER_SELECTION;
if(ciphers) {
if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
- failf(data, "failed setting cipher list: %s", ciphers);
- return CURLE_SSL_CIPHER;
+ if(!strcmp(ciphers, "DEFAULT_SUSE")) {
+ infof(data, "cipher list %s not available, using %s\n", "DEFAULT_SUSE", "HIGH");
+ if(!SSL_CTX_set_cipher_list(BACKEND->ctx, "HIGH")) {
+ failf(data, "failed setting cipher list: %s, setting cipher list %s also failed",
+ "DEFAULT_SUSE", "HIGH");
+ return CURLE_SSL_CIPHER;
+ }
+ }
+ else {
+ failf(data, "failed setting cipher list: %s", ciphers);
+ return CURLE_SSL_CIPHER;
+ }
}
infof(data, "Cipher selection: %s\n", ciphers);
}
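Review bot: After the fallback succeeds, the `infof(data, "Cipher selection: %s\n", ciphers)` line at the end of the hunk still prints `DEFAULT_SUSE`, so verbose output names a cipher list that is not the one in effect. Assigning `ciphers = (char *)"HIGH";` right after the second `SSL_CTX_set_cipher_list` call succeeds would keep that report accurate. Separately, OpenSSL's `HIGH` keyword is commonly paired with `!aNULL` because it can include unauthenticated suites, so `"HIGH:!aNULL"` may be the safer fallback string; this should be confirmed against the OpenSSL versions the package builds with. The `strcmp` test also cannot tell the built-in default from a user-supplied list of the same name, if `ciphers` can come from user configuration above the hunk. ossl_connect_step1 starts and ends outside the hunk.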