|
 |
1ef406 |
From 6bf887340626e35e0497deaf246a9f034d8fe8ee Mon Sep 17 00:00:00 2001
|
|
|
1ef406 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
1ef406 |
Date: Mon, 23 May 2016 17:21:11 -0400
|
|
|
1ef406 |
Subject: [PATCH] Add back export and low-security ciphers
|
|
|
1ef406 |
|
|
|
1ef406 |
These are disabled in OpenSSL 1.02g but are still enabled in
|
|
|
1ef406 |
the version in RHEL 7.
|
|
|
1ef406 |
---
|
|
|
1ef406 |
test/test_cipher.py | 5 ++---
|
|
|
1ef406 |
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
1ef406 |
|
|
|
1ef406 |
diff --git a/test/test_cipher.py b/test/test_cipher.py
|
|
|
1ef406 |
index 1cce9e4..8b12f26 100644
|
|
|
1ef406 |
--- a/test/test_cipher.py
|
|
|
1ef406 |
+++ b/test/test_cipher.py
|
|
|
1ef406 |
@@ -40,7 +40,7 @@ if ENABLE_SERVER_DHE == 0:
|
|
|
1ef406 |
OPENSSL_CIPHERS_IGNORE += ':-DH'
|
|
|
1ef406 |
|
|
|
1ef406 |
def assert_equal_openssl(ciphers):
|
|
|
1ef406 |
- nss_ciphers = ciphers + ":-EXP:-LOW"
|
|
|
1ef406 |
+ nss_ciphers = ciphers
|
|
|
1ef406 |
ossl_ciphers = ciphers + OPENSSL_CIPHERS_IGNORE
|
|
|
1ef406 |
(nss, err, rc) = run([exe, "--o", nss_ciphers])
|
|
|
1ef406 |
assert rc == 0
|
|
|
1ef406 |
@@ -270,8 +270,7 @@ class test_ciphers(object):
|
|
|
1ef406 |
assert_no_NULL("DEFAULT:aRSA")
|
|
|
1ef406 |
|
|
|
1ef406 |
def test_SYSTEM_DEFAULT(self):
|
|
|
1ef406 |
- # I've added in !DHE here which differs from F-23 default
|
|
|
1ef406 |
- assert_equal_openssl("!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!DHE")
|
|
|
1ef406 |
+ assert_equal_openssl("!SSLv2:kEECDH:kRSA:kEDH:kPSK:DH:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES")
|
|
|
1ef406 |
|
|
|
1ef406 |
def test_cipher_reorder(self):
|
|
|
1ef406 |
# re-ordering now allowed but shouldn't blow up either
|
|
|
1ef406 |
--
|
|
|
1ef406 |
2.5.5
|
|
|
1ef406 |
|