diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-08-01 14:06:58 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-08-01 14:06:58 +0000 |
| commit | fa0594f4021dbf53966e167cf44c1bb84df5bb23 (patch) | |
| tree | 3c991fcabf18a0e314a10edf337db266e504af11 /freeradius-Use-system-crypto-policy-by-default.patch | |
| parent | 72d830c7e64b038eb96c0f36e0c1a0ab225238e3 (diff) | |
automatic import of freeradiusopeneuler24.03_LTS
Diffstat (limited to 'freeradius-Use-system-crypto-policy-by-default.patch')
| -rw-r--r-- | freeradius-Use-system-crypto-policy-by-default.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/freeradius-Use-system-crypto-policy-by-default.patch b/freeradius-Use-system-crypto-policy-by-default.patch new file mode 100644 index 0000000..199e583 --- /dev/null +++ b/freeradius-Use-system-crypto-policy-by-default.patch @@ -0,0 +1,86 @@ +From a7ed62fbcc043a9ec7a4f09962a2cd2acffa019b Mon Sep 17 00:00:00 2001 +From: Alexander Scheel <ascheel@redhat.com> +Date: Wed, 8 May 2019 10:16:31 -0400 +Subject: [PATCH] Use system-provided crypto-policies by default + +Signed-off-by: Alexander Scheel <ascheel@redhat.com> +--- + raddb/mods-available/eap | 4 ++-- + raddb/mods-available/inner-eap | 2 +- + raddb/sites-available/abfab-tls | 2 +- + raddb/sites-available/tls | 4 ++-- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap +index 36849e10f2..b28c0f19c6 100644 +--- a/raddb/mods-available/eap ++++ b/raddb/mods-available/eap +@@ -368,7 +368,7 @@ eap { + # + # For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2" + # +- cipher_list = "DEFAULT" ++ cipher_list = "PROFILE=SYSTEM" + + # If enabled, OpenSSL will use server cipher list + # (possibly defined by cipher_list option above) +@@ -912,7 +912,7 @@ eap { + # Note - for OpenSSL 1.1.0 and above you may need + # to add ":@SECLEVEL=0" + # +- # cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2" ++ # cipher_list = "PROFILE=SYSTEM" + + # PAC lifetime in seconds (default: seven days) + # +diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap +index 576eb7739e..ffa07188e2 100644 +--- a/raddb/mods-available/inner-eap ++++ b/raddb/mods-available/inner-eap +@@ -77,7 +77,7 @@ eap inner-eap { + # certificates. If so, edit this file. + ca_file = ${cadir}/ca.pem + +- cipher_list = "DEFAULT" ++ cipher_list = "PROFILE=SYSTEM" + + # You may want to set a very small fragment size. + # The TLS data here needs to go inside of the +diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls +index 92f1d6330e..cd69b3905a 100644 +--- a/raddb/sites-available/abfab-tls ++++ b/raddb/sites-available/abfab-tls +@@ -19,7 +19,7 @@ listen { + dh_file = ${certdir}/dh + fragment_size = 8192 + ca_path = ${cadir} +- cipher_list = "DEFAULT" ++ cipher_list = "PROFILE=SYSTEM" + + cache { + enable = no +diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls +index bbc761b1c5..83cd35b851 100644 +--- a/raddb/sites-available/tls ++++ b/raddb/sites-available/tls +@@ -215,7 +215,7 @@ listen { + # Set this option to specify the allowed + # TLS cipher suites. The format is listed + # in "man 1 ciphers". +- cipher_list = "DEFAULT" ++ cipher_list = "PROFILE=SYSTEM" + + # If enabled, OpenSSL will use server cipher list + # (possibly defined by cipher_list option above) +@@ -517,7 +517,7 @@ home_server tls { + # Set this option to specify the allowed + # TLS cipher suites. The format is listed + # in "man 1 ciphers". +- cipher_list = "DEFAULT" ++ cipher_list = "PROFILE=SYSTEM" + } + + } +-- +2.21.0 + |