rpms / freeradius

Clone
Source Code
GIT

Blame SOURCES/freeradius-Use-system-crypto-policy-by-default.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-3.0 c8-stream-3.0 c8s-stream-3.0 c9 c9-beta
  1.   c8-beta-stream-3.0
  2.   SOURCES
  3.   freeradius-Use-system-crypto-policy-by-default.patch
Blob History Raw
71fb5d 
From a7ed62fbcc043a9ec7a4f09962a2cd2acffa019b Mon Sep 17 00:00:00 2001
71fb5d 
From: Alexander Scheel <ascheel@redhat.com>
71fb5d 
Date: Wed, 8 May 2019 10:16:31 -0400
71fb5d 
Subject: [PATCH] Use system-provided crypto-policies by default
33c701
71fb5d 
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
33c701 
---
71fb5d 
 raddb/mods-available/eap        | 4 ++--
33c701 
 raddb/mods-available/inner-eap  | 2 +-
33c701 
 raddb/sites-available/abfab-tls | 2 +-
33c701 
 raddb/sites-available/tls       | 4 ++--
71fb5d 
 4 files changed, 6 insertions(+), 6 deletions(-)
33c701
33c701 
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
71fb5d 
index 36849e10f2..b28c0f19c6 100644
33c701 
--- a/raddb/mods-available/eap
33c701 
+++ b/raddb/mods-available/eap
71fb5d 
@@ -368,7 +368,7 @@ eap {
33c701 
 		#
71fb5d 
 		#  For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"
33c701 
 		#
33c701 
-		cipher_list = "DEFAULT"
33c701 
+		cipher_list = "PROFILE=SYSTEM"
33c701
71fb5d 
 		#  If enabled, OpenSSL will use server cipher list
71fb5d 
 		#  (possibly defined by cipher_list option above)
71fb5d 
@@ -912,7 +912,7 @@ eap {
71fb5d 
 		#  Note - for OpenSSL 1.1.0 and above you may need
71fb5d 
 		#  to add ":@SECLEVEL=0"
71fb5d 
 		#
71fb5d 
-	#	cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
71fb5d 
+	#	cipher_list = "PROFILE=SYSTEM"
71fb5d
71fb5d 
 		#  PAC lifetime in seconds (default: seven days)
71fb5d 
 		#
33c701 
diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap
71fb5d 
index 576eb7739e..ffa07188e2 100644
33c701 
--- a/raddb/mods-available/inner-eap
33c701 
+++ b/raddb/mods-available/inner-eap
71fb5d 
@@ -77,7 +77,7 @@ eap inner-eap {
33c701 
 		#  certificates.  If so, edit this file.
33c701 
 		ca_file = ${cadir}/ca.pem
33c701
33c701 
-		cipher_list = "DEFAULT"
33c701 
+		cipher_list = "PROFILE=SYSTEM"
33c701
33c701 
 		#  You may want to set a very small fragment size.
33c701 
 		#  The TLS data here needs to go inside of the
33c701 
diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
71fb5d 
index 92f1d6330e..cd69b3905a 100644
33c701 
--- a/raddb/sites-available/abfab-tls
33c701 
+++ b/raddb/sites-available/abfab-tls
33c701 
@@ -19,7 +19,7 @@ listen {
33c701 
 		dh_file = ${certdir}/dh
33c701 
 		fragment_size = 8192
33c701 
 		ca_path = ${cadir}
33c701 
-		cipher_list = "DEFAULT"
33c701 
+		cipher_list = "PROFILE=SYSTEM"
33c701
33c701 
 		cache {
33c701 
 			enable = no
33c701 
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
71fb5d 
index bbc761b1c5..83cd35b851 100644
33c701 
--- a/raddb/sites-available/tls
33c701 
+++ b/raddb/sites-available/tls
71fb5d 
@@ -215,7 +215,7 @@ listen {
33c701 
 		# Set this option to specify the allowed
33c701 
 		# TLS cipher suites.  The format is listed
33c701 
 		# in "man 1 ciphers".
33c701 
-		cipher_list = "DEFAULT"
33c701 
+		cipher_list = "PROFILE=SYSTEM"
33c701
33c701 
 		# If enabled, OpenSSL will use server cipher list
33c701 
 		# (possibly defined by cipher_list option above)
71fb5d 
@@ -517,7 +517,7 @@ home_server tls {
33c701 
 		# Set this option to specify the allowed
33c701 
 		# TLS cipher suites.  The format is listed
33c701 
 		# in "man 1 ciphers".
33c701 
-		cipher_list = "DEFAULT"
33c701 
+		cipher_list = "PROFILE=SYSTEM"
33c701 
 	}
33c701
33c701 
 }
33c701 
--
71fb5d 
2.21.0
33c701

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation