42 lines
1.8 KiB
Diff
42 lines
1.8 KiB
Diff
|
From dfd09ced8657f7b3eac79038418fc5a452c396d6 Mon Sep 17 00:00:00 2001
|
||
|
From: Sergey Avseyev <sergey.avseyev@gmail.com>
|
||
|
Date: Wed, 28 Nov 2018 18:53:22 +0300
|
||
|
Subject: [PATCH] enforce system crypto policies
|
||
|
|
||
|
---
|
||
|
test/core/handshake/client_ssl.cc | 3 +--
|
||
|
test/core/handshake/server_ssl_common.cc | 3 +--
|
||
|
2 files changed, 2 insertions(+), 4 deletions(-)
|
||
|
|
||
|
diff --git a/test/core/handshake/client_ssl.cc b/test/core/handshake/client_ssl.cc
|
||
|
index 467df6e229..b31934e51b 100644
|
||
|
--- a/test/core/handshake/client_ssl.cc
|
||
|
+++ b/test/core/handshake/client_ssl.cc
|
||
|
@@ -161,8 +161,7 @@ static void server_thread(void* arg) {
|
||
|
// Set the cipher list to match the one expressed in
|
||
|
// src/core/tsi/ssl_transport_security.c.
|
||
|
const char* cipher_list =
|
||
|
- "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-"
|
||
|
- "SHA384:ECDHE-RSA-AES256-GCM-SHA384";
|
||
|
+ "PROFILE=SYSTEM";
|
||
|
if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
|
||
|
ERR_print_errors_fp(stderr);
|
||
|
gpr_log(GPR_ERROR, "Couldn't set server cipher list.");
|
||
|
diff --git a/test/core/handshake/server_ssl_common.cc b/test/core/handshake/server_ssl_common.cc
|
||
|
index 41b2829d8b..8b21ea7c73 100644
|
||
|
--- a/test/core/handshake/server_ssl_common.cc
|
||
|
+++ b/test/core/handshake/server_ssl_common.cc
|
||
|
@@ -167,8 +167,7 @@ bool server_ssl_test(const char* alpn_list[], unsigned int alpn_list_len,
|
||
|
// Set the cipher list to match the one expressed in
|
||
|
// src/core/tsi/ssl_transport_security.c.
|
||
|
const char* cipher_list =
|
||
|
- "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-"
|
||
|
- "SHA384:ECDHE-RSA-AES256-GCM-SHA384";
|
||
|
+ "PROFILE=SYSTEM";
|
||
|
if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
|
||
|
ERR_print_errors_fp(stderr);
|
||
|
gpr_log(GPR_ERROR, "Couldn't set server cipher list.");
|
||
|
--
|
||
|
2.19.1
|
||
|
|