From f6ca45b1bab63cbb75d81de3c17b8e7c43983acc Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Mon, 26 Sep 2016 19:48:36 +0300
Subject: [PATCH] Use system crypto policy by default
---
raddb/mods-available/eap | 2 +-
raddb/mods-available/inner-eap | 2 +-
raddb/sites-available/abfab-tls | 2 +-
raddb/sites-available/tls | 4 ++--
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
index 5c99b09d4..83b5f95c7 100644
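--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
@@ -323,7 +323,7 @@ eap {
 #
 # For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"
 #
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
 
 # Work-arounds for OpenSSL nonsense
 # OpenSSL 1.0.1f and 1.0.1g do not calculate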
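Review bot: The comments around `cipher_list` still describe only OpenSSL cipher strings, so nothing tells an administrator that `PROFILE=SYSTEM` is a distribution-specific keyword that hands cipher selection to the system-wide crypto policy rather than a value from `man 1 ciphers`. I would add a line such as `# "PROFILE=SYSTEM" defers to the system-wide crypto policy; any other value here overrides that policy for this module.` above the setting, and the same next to the identical change in inner-eap, abfab-tls and both hunks of sites-available/tls. The retained hint `For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"` now sits directly above a policy-driven default and, if followed, replaces it with a much broader cipher set, so it likely deserves a caveat. An OpenSSL build without crypto-policy support presumably rejects this string, which makes the dependency worth stating in the commit message. The eap block starts and ends outside the hunk.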
diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap
index 2b4df6267..af9aa88cd 100644
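--- a/raddb/mods-available/inner-eap
+++ b/raddb/mods-available/inner-eap
@@ -68,7 +68,7 @@ eap inner-eap {
 # certificates. If so, edit this file.
 ca_file = ${cadir}/ca.pem
 
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
 
 # You may want to set a very small fragment size.
 # The TLS data here needs to go inside of the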
diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
index 79d74e6fc..d04d6be89 100644
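--- a/raddb/sites-available/abfab-tls
+++ b/raddb/sites-available/abfab-tls
@@ -19,7 +19,7 @@ listen {
 dh_file = ${certdir}/dh
 fragment_size = 8192
 ca_path = ${cadir}
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
 
 cache {
 enable = no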
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
index eb60fa57b..9b340d2af 100644
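--- a/raddb/sites-available/tls
+++ b/raddb/sites-available/tls
@@ -197,7 +197,7 @@ listen {
 # Set this option to specify the allowed
 # TLS cipher suites. The format is listed
 # in "man 1 ciphers".
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
 
 #
 # Session resumption / fast reauthentication
@@ -493,7 +493,7 @@ home_server tls {
 # Set this option to specify the allowed
 # TLS cipher suites. The format is listed
 # in "man 1 ciphers".
- cipher_list = "DEFAULT"
+ cipher_list = "PROFILE=SYSTEM"
 }
 
 }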
--
2.11.0