From 5d56d52e0829e503e403568de66bb6cebfec3202 Mon Sep 17 00:00:00 2001
From: Sergey Avseyev <sergey.avseyev@gmail.com>
Date: Wed, 28 Nov 2018 18:53:22 +0300
Subject: [PATCH 1/4] enforce system crypto policies

---
 test/core/handshake/client_ssl.cc        | 3 +--
 test/core/handshake/server_ssl_common.cc | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/test/core/handshake/client_ssl.cc b/test/core/handshake/client_ssl.cc
index 467df6e229..b31934e51b 100644
--- a/test/core/handshake/client_ssl.cc
+++ b/test/core/handshake/client_ssl.cc
@@ -161,8 +161,7 @@ static void server_thread(void* arg) {
   // Set the cipher list to match the one expressed in
   // src/core/tsi/ssl_transport_security.c.
   const char* cipher_list =
-      "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-"
-      "SHA384:ECDHE-RSA-AES256-GCM-SHA384";
+      "PROFILE=SYSTEM";
   if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
     ERR_print_errors_fp(stderr);
     gpr_log(GPR_ERROR, "Couldn't set server cipher list.");
diff --git a/test/core/handshake/server_ssl_common.cc b/test/core/handshake/server_ssl_common.cc
index 41b2829d8b..8b21ea7c73 100644
--- a/test/core/handshake/server_ssl_common.cc
+++ b/test/core/handshake/server_ssl_common.cc
@@ -167,8 +167,7 @@ bool server_ssl_test(const char* alpn_list[], unsigned int alpn_list_len,
   // Set the cipher list to match the one expressed in
   // src/core/tsi/ssl_transport_security.c.
   const char* cipher_list =
-      "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-"
-      "SHA384:ECDHE-RSA-AES256-GCM-SHA384";
+      "PROFILE=SYSTEM";
   if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
     ERR_print_errors_fp(stderr);
     gpr_log(GPR_ERROR, "Couldn't set server cipher list.");
-- 
2.21.0