Use system-wide crypto policy
Upstream uses reasonable defaults and keeps them updated. However, Fedora packages should use the system-wide crypto policy. Reference: https://fedoraproject.org/wiki/Packaging:CryptoPolicies
This commit is contained in:
parent
878da480e8
commit
9048b9f36a
|
@ -0,0 +1,42 @@
|
||||||
|
From f0f51d75c160baeb212090940ec1dc35af9bd565 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Todd Zullinger <tmz@pobox.com>
|
||||||
|
Date: Sun, 26 Aug 2018 01:31:13 -0400
|
||||||
|
Subject: [PATCH] Use system-wide crypto policy
|
||||||
|
|
||||||
|
Reference: https://fedoraproject.org/wiki/Packaging:CryptoPolicies
|
||||||
|
---
|
||||||
|
src/Socket.cpp | 17 +++--------------
|
||||||
|
1 file changed, 3 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/Socket.cpp b/src/Socket.cpp
|
||||||
|
index fa510462..e40c76ea 100644
|
||||||
|
--- a/src/Socket.cpp
|
||||||
|
+++ b/src/Socket.cpp
|
||||||
|
@@ -28,21 +28,10 @@
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_LIBSSL
|
||||||
|
-// Copypasted from
|
||||||
|
-// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
|
||||||
|
-// at 2018-04-01
|
||||||
|
+// Use system-wide crypto policy
|
||||||
|
+// https://fedoraproject.org/wiki/Packaging:CryptoPolicies
|
||||||
|
static CString ZNC_DefaultCipher() {
|
||||||
|
- return "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-"
|
||||||
|
- "ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-"
|
||||||
|
- "AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-"
|
||||||
|
- "SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-"
|
||||||
|
- "RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:"
|
||||||
|
- "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-"
|
||||||
|
- "SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:"
|
||||||
|
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:"
|
||||||
|
- "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:"
|
||||||
|
- "AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-"
|
||||||
|
- "SHA:DES-CBC3-SHA:!DSS";
|
||||||
|
+ return "PROFILE=SYSTEM";
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
--
|
||||||
|
2.19.0.rc0
|
||||||
|
|
4
znc.spec
4
znc.spec
|
@ -21,6 +21,9 @@ URL: https://znc.in
|
||||||
Source0: %{url}/releases/%{name}-%{version}.tar.gz
|
Source0: %{url}/releases/%{name}-%{version}.tar.gz
|
||||||
Source1: %{url}/releases/%{name}-%{version}.tar.gz.sig
|
Source1: %{url}/releases/%{name}-%{version}.tar.gz.sig
|
||||||
Source2: gpgkey-5AE420CC0209989E.asc
|
Source2: gpgkey-5AE420CC0209989E.asc
|
||||||
|
# Use system-wide crypto policy
|
||||||
|
# https://fedoraproject.org/wiki/Packaging:CryptoPolicies
|
||||||
|
Patch0: 0001-Use-system-wide-crypto-policy.patch
|
||||||
|
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: c-ares-devel
|
BuildRequires: c-ares-devel
|
||||||
|
@ -219,6 +222,7 @@ getent passwd znc >/dev/null || \
|
||||||
- Enable verbose make
|
- Enable verbose make
|
||||||
- Pass --with-tcl to ensure tclConfig.sh is found
|
- Pass --with-tcl to ensure tclConfig.sh is found
|
||||||
- Remove Group tag
|
- Remove Group tag
|
||||||
|
- Use system-wide crypto policy
|
||||||
|
|
||||||
* Mon Jul 23 2018 Nick Bebout <nb@fedoraproject.org> - 1.7.1-2
|
* Mon Jul 23 2018 Nick Bebout <nb@fedoraproject.org> - 1.7.1-2
|
||||||
- Add gcc-c++ and redhat-rpm-config to znc-devel's dependencies
|
- Add gcc-c++ and redhat-rpm-config to znc-devel's dependencies
|
||||||
|
|
Loading…
Reference in New Issue