diff options
Diffstat (limited to 'unit-syspol.patch')
-rw-r--r-- | unit-syspol.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/unit-syspol.patch b/unit-syspol.patch new file mode 100644 index 0000000..cff3889 --- /dev/null +++ b/unit-syspol.patch @@ -0,0 +1,32 @@ +diff -up ./src/nxt_openssl.c.syspol ./src/nxt_openssl.c +--- ./src/nxt_openssl.c.syspol 2021-03-25 15:15:30.000000000 +0100 ++++ ./src/nxt_openssl.c 2021-03-26 07:46:53.897688835 +0100 +@@ -261,7 +261,7 @@ nxt_openssl_server_init(nxt_task_t *task + nxt_mp_t *mp, nxt_bool_t last) + { + SSL_CTX *ctx; +- const char *ciphers, *ca_certificate; ++ const char *ca_certificate; + STACK_OF(X509_NAME) *list; + nxt_tls_bundle_conf_t *bundle; + +@@ -318,13 +318,13 @@ nxt_openssl_server_init(nxt_task_t *task + goto fail; + } + */ +- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; +- +- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { +- nxt_openssl_log_error(task, NXT_LOG_ALERT, ++ if (conf->ciphers) { /* else use system crypto policy */ ++ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { ++ nxt_openssl_log_error(task, NXT_LOG_ALERT, + "SSL_CTX_set_cipher_list(\"%s\") failed", +- ciphers); +- goto fail; ++ conf->ciphers); ++ goto fail; ++ } + } + + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); |