summaryrefslogtreecommitdiffstats
path: root/215.patch
diff options
context:
space:
mode:
Diffstat (limited to '215.patch')
-rw-r--r--215.patch42
1 files changed, 42 insertions, 0 deletions
diff --git a/215.patch b/215.patch
new file mode 100644
index 0000000..d98ecb3
--- /dev/null
+++ b/215.patch
@@ -0,0 +1,42 @@
+From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 16 Jan 2019 08:38:53 +0100
+Subject: [PATCH] prefer system crypto policy
+
+---
+ src/nxt_openssl.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 99dd207..6d9df48 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
+ {
+ SSL_CTX *ctx;
+ nxt_fd_t fd;
+- const char *ciphers, *ca_certificate;
++ const char *ca_certificate;
+ STACK_OF(X509_NAME) *list;
+
+ ctx = SSL_CTX_new(SSLv23_server_method());
+@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
+ goto fail;
+ }
+ */
+- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
+-
+- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
+- nxt_openssl_log_error(task, NXT_LOG_ALERT,
++ if (conf->ciphers) { /* else use system crypto policy */
++ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
++ nxt_openssl_log_error(task, NXT_LOG_ALERT,
+ "SSL_CTX_set_cipher_list(\"%s\") failed",
+- ciphers);
+- goto fail;
++ conf->ciphers);
++ goto fail;
++ }
+ }
+
+ SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);