Overview

File openssl-1.0.1e-add-suse-default-cipher.patch of Package openssl-1_1.14217

Index: openssl-1.1.0f/ssl/ssl_ciph.c
===================================================================
--- openssl-1.1.0f.orig/ssl/ssl_ciph.c	2017-05-25 14:46:20.000000000 +0200
+++ openssl-1.1.0f/ssl/ssl_ciph.c	2017-09-01 11:54:09.848587297 +0200
@@ -1461,7 +1461,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
      */
     ok = 1;
     rule_p = rule_str;
-    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+    if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
+        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
+        &head, &tail, ca_list, c);
+        rule_p += 12;
+        if (*rule_p == ':')
+            rule_p++;
+    }
+    else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
         ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
                                         &head, &tail, ca_list, c);
         rule_p += 7;
Index: openssl-1.1.0f/include/openssl/ssl.h
===================================================================
--- openssl-1.1.0f.orig/include/openssl/ssl.h	2017-05-25 14:46:20.000000000 +0200
+++ openssl-1.1.0f/include/openssl/ssl.h	2017-09-01 13:16:59.850407734 +0200
@@ -195,6 +195,11 @@ extern "C" {
  * an application-defined cipher list string starts with 'DEFAULT'.
  */
 # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
+    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
+    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
+    "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
+    "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
 /*
  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
openSUSE Build Service is sponsored by
Places