From 17bfb9320407011fa7ff267f9c848ba8384f0e2d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 28 2020 08:52:56 +0000 Subject: import perl-IO-Socket-SSL-2.066-4.el8 --- diff --git a/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch b/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch index 4ae5f11..53681e3 100644 --- a/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch +++ b/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch @@ -12,7 +12,7 @@ + # Use system-wide default cipher list to support use of system-wide + # crypto policy (#1076390, #1127577, CPAN RT#97816) + # https://fedoraproject.org/wiki/Changes/CryptoPolicy -+ SSL_cipher_list => 'DEFAULT', ++ SSL_cipher_list => 'PROFILE=SYSTEM', ); my %DEFAULT_SSL_CLIENT_ARGS = ( @@ -93,7 +93,7 @@ -To use the less secure OpenSSL builtin default (whatever this is) set -SSL_cipher_list to ''. +recommended to leave this option at the default setting, which honors the -+system-wide DEFAULT cipher list. ++system-wide PROFILE=SYSTEM cipher list. In case different cipher lists are needed for different SNI hosts a hash can be given with the host as key and the cipher suite as value, similar to diff --git a/SPECS/perl-IO-Socket-SSL.spec b/SPECS/perl-IO-Socket-SSL.spec index cea8a9b..549b8a7 100644 --- a/SPECS/perl-IO-Socket-SSL.spec +++ b/SPECS/perl-IO-Socket-SSL.spec @@ -1,10 +1,11 @@ Name: perl-IO-Socket-SSL Version: 2.066 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Perl library for transparent SSL License: (GPL+ or Artistic) and MPLv2.0 URL: https://metacpan.org/release/IO-Socket-SSL Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz +# Default to a system-wide crypto-policy, bug #1775167 Patch0: IO-Socket-SSL-2.066-use-system-default-cipher-list.patch Patch1: IO-Socket-SSL-2.066-use-system-default-SSL-version.patch # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch, @@ -124,6 +125,9 @@ make test %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3* %changelog +* Mon Nov 25 2019 Petr Pisar - 2.066-4 +- Default to PROFILE=SYSTEM cipher list (bug #1775167) + * Wed Jun 26 2019 Paul Howarth - 2.066-3 - PublicSuffix.pm is licensed MPLv2.0 (#1724434)