blob: c9d1d94e1f96e6df71bb596a6e20de7b2f2692c0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
diff -up ./src/mongoc/mongoc-ssl.c.old ./src/mongoc/mongoc-ssl.c
--- ./src/mongoc/mongoc-ssl.c.old 2016-05-16 10:06:56.592895951 +0200
+++ ./src/mongoc/mongoc-ssl.c 2016-05-16 10:07:57.737182179 +0200
@@ -405,11 +405,8 @@ _mongoc_ssl_ctx_new (mongoc_ssl_opt_t *o
* SSL_OP_NO_SSLv2 - Disable SSL v2 support */
SSL_CTX_set_options (ctx, (SSL_OP_ALL | SSL_OP_NO_SSLv2));
- /* HIGH - Enable strong ciphers
- * !EXPORT - Disable export ciphers (40/56 bit)
- * !aNULL - Disable anonymous auth ciphers
- * @STRENGTH - Sort ciphers based on strength */
- SSL_CTX_set_cipher_list (ctx, "HIGH:!EXPORT:!aNULL@STRENGTH");
+ /* See https://fedoraproject.org/wiki/Packaging:CryptoPolicies */
+ /* SSL_CTX_set_cipher_list (ctx, "PROFILE=SYSTEM"); */
/* If renegotiation is needed, don't return from recv() or send() until it's successful.
* Note: this is for blocking sockets only. */
|
