summaryrefslogtreecommitdiff
path: root/zabbix-crypto-policy.patch
diff options
context:
space:
mode:
Diffstat (limited to 'zabbix-crypto-policy.patch')
-rw-r--r--zabbix-crypto-policy.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/zabbix-crypto-policy.patch b/zabbix-crypto-policy.patch
new file mode 100644
index 0000000..8a157ce
--- /dev/null
+++ b/zabbix-crypto-policy.patch
@@ -0,0 +1,30 @@
+diff -up zabbix-5.0.2/src/libs/zbxcrypto/tls.c.crypto-policy zabbix-5.0.2/src/libs/zbxcrypto/tls.c
+--- zabbix-5.0.2/src/libs/zbxcrypto/tls.c.crypto-policy 2020-07-06 03:54:32.000000000 -0600
++++ zabbix-5.0.2/src/libs/zbxcrypto/tls.c 2020-07-18 21:22:13.125099598 -0600
+@@ -2932,7 +2932,7 @@ void zbx_tls_init_child(void)
+ goto out;
+ }
+ }
+- else if (1 != SSL_CTX_set_cipher_list(ctx_cert, ciphers))
++ else if (1 != SSL_CTX_set_cipher_list(ctx_cert, "PROFILE=SYSTEM"))
+ {
+ zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of certificate"
+ " ciphersuites:");
+@@ -3014,7 +3014,7 @@ void zbx_tls_init_child(void)
+ goto out;
+ }
+ }
+- else if (1 != SSL_CTX_set_cipher_list(ctx_psk, ciphers))
++ else if (1 != SSL_CTX_set_cipher_list(ctx_psk, "PROFILE=SYSTEM"))
+ {
+ zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of PSK ciphersuites:");
+ goto out;
+@@ -3070,7 +3070,7 @@ void zbx_tls_init_child(void)
+ goto out;
+ }
+ }
+- else if (1 != SSL_CTX_set_cipher_list(ctx_all, ciphers))
++ else if (1 != SSL_CTX_set_cipher_list(ctx_all, "PROFILE=SYSTEM"))
+ {
+ zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of all ciphersuites:");
+ goto out;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 13:33:27 +0000