Blame SOURCES/openssl-1.1.1-weak-ciphers.patch

e4b8d1
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
e4b8d1
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers	2018-09-11 14:48:23.000000000 +0200
e4b8d1
+++ openssl-1.1.1/ssl/s3_lib.c	2018-09-17 12:53:33.850637181 +0200
e4b8d1
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
e4b8d1
      SSL_GOST89MAC,
e4b8d1
      TLS1_VERSION, TLS1_2_VERSION,
e4b8d1
      0, 0,
e4b8d1
-     SSL_HIGH,
e4b8d1
+     SSL_MEDIUM,
e4b8d1
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
e4b8d1
      256,
e4b8d1
      256,
e4b8d1
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
e4b8d1
      SSL_GOST89MAC12,
e4b8d1
      TLS1_VERSION, TLS1_2_VERSION,
e4b8d1
      0, 0,
e4b8d1
-     SSL_HIGH,
e4b8d1
+     SSL_MEDIUM,
e4b8d1
      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
e4b8d1
      256,
e4b8d1
      256,
e4b8d1
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
e4b8d1
      },
e4b8d1
 #endif                          /* OPENSSL_NO_SEED */
e4b8d1
 
e4b8d1
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
e4b8d1
+#if 0 /* No MD5 ciphersuites */
e4b8d1
     {
e4b8d1
      1,
e4b8d1
      SSL3_TXT_RSA_RC4_128_MD5,
e4b8d1
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
e4b8d1
      128,
e4b8d1
      128,
e4b8d1
      },
e4b8d1
+#endif
e4b8d1
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
e4b8d1
     {
e4b8d1
      1,
e4b8d1
      SSL3_TXT_RSA_RC4_128_SHA,
e4b8d1
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
e4b8d1
      128,
e4b8d1
      128,
e4b8d1
      },
e4b8d1
+#endif
e4b8d1
+#if 0
e4b8d1
     {
e4b8d1
      1,
e4b8d1
      SSL3_TXT_ADH_RC4_128_MD5,
e4b8d1
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
e4b8d1
      128,
e4b8d1
      128,
e4b8d1
      },
e4b8d1
+#endif
e4b8d1
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
e4b8d1
     {
e4b8d1
      1,
e4b8d1
      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,