Blame zabbix-crypto-policy.patch
|
|
e704152 |
diff -up zabbix-5.0.2/src/libs/zbxcrypto/tls.c.crypto-policy zabbix-5.0.2/src/libs/zbxcrypto/tls.c
|
|
|
e704152 |
--- zabbix-5.0.2/src/libs/zbxcrypto/tls.c.crypto-policy 2020-07-06 03:54:32.000000000 -0600
|
|
|
e704152 |
+++ zabbix-5.0.2/src/libs/zbxcrypto/tls.c 2020-07-18 21:22:13.125099598 -0600
|
|
|
e704152 |
@@ -2932,7 +2932,7 @@ void zbx_tls_init_child(void)
|
|
|
e704152 |
goto out;
|
|
|
e704152 |
}
|
|
|
e704152 |
}
|
|
|
e704152 |
- else if (1 != SSL_CTX_set_cipher_list(ctx_cert, ciphers))
|
|
|
e704152 |
+ else if (1 != SSL_CTX_set_cipher_list(ctx_cert, "PROFILE=SYSTEM"))
|
|
|
e704152 |
{
|
|
|
e704152 |
zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of certificate"
|
|
|
e704152 |
" ciphersuites:");
|
|
|
e704152 |
@@ -3014,7 +3014,7 @@ void zbx_tls_init_child(void)
|
|
|
e704152 |
goto out;
|
|
|
e704152 |
}
|
|
|
e704152 |
}
|
|
|
e704152 |
- else if (1 != SSL_CTX_set_cipher_list(ctx_psk, ciphers))
|
|
|
e704152 |
+ else if (1 != SSL_CTX_set_cipher_list(ctx_psk, "PROFILE=SYSTEM"))
|
|
|
e704152 |
{
|
|
|
e704152 |
zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of PSK ciphersuites:");
|
|
|
e704152 |
goto out;
|
|
|
e704152 |
@@ -3070,7 +3070,7 @@ void zbx_tls_init_child(void)
|
|
|
e704152 |
goto out;
|
|
|
e704152 |
}
|
|
|
e704152 |
}
|
|
|
e704152 |
- else if (1 != SSL_CTX_set_cipher_list(ctx_all, ciphers))
|
|
|
e704152 |
+ else if (1 != SSL_CTX_set_cipher_list(ctx_all, "PROFILE=SYSTEM"))
|
|
|
e704152 |
{
|
|
|
e704152 |
zbx_snprintf_alloc(&error, &error_alloc, &error_offset, "cannot set list of all ciphersuites:");
|
|
|
e704152 |
goto out;
|