[glib-networking/wip/nacho/openssl] openssl: use PROFILE=SYSTEM as default cipher list

From: Ignacio Casal Quinteiro <icq src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking/wip/nacho/openssl] openssl: use PROFILE=SYSTEM as default cipher list
Date: Wed, 19 Sep 2018 07:09:06 +0000 (UTC)

commit 4de0bae5af81f1a3c8a05af38f35ca3af4b2e39e
Author: Ignacio Casal Quinteiro <icq gnome org>
Date:   Tue Sep 18 18:22:42 2018 +0200

    openssl: use PROFILE=SYSTEM as default cipher list
    
    This is the requirement on fedora so let's just use it for
    new versions of openssl.

 tls/openssl/gtlsclientconnection-openssl.c | 4 ++++
 tls/openssl/gtlsserverconnection-openssl.c | 8 ++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index b1560c1..36f1c24 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -35,7 +35,11 @@
 #include "gtlscertificate-openssl.h"
 #include <glib/gi18n-lib.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
 #define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#else
+#define DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+#endif
 
 typedef struct _GTlsClientConnectionOpensslPrivate
 {
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index 6a99574..6b399d5 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -30,6 +30,12 @@
 #include "openssl-include.h"
 #include <glib/gi18n-lib.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+#else
+#define DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+#endif
+
 typedef struct _GTlsServerConnectionOpensslPrivate
 {
   GTlsAuthenticationMode authentication_mode;
@@ -44,8 +50,6 @@ enum
   PROP_AUTHENTICATION_MODE
 };
 
-#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
-
 static void g_tls_server_connection_openssl_initable_interface_init (GInitableIface  *iface);
 
 static void g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface 
*iface);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]