public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: reinstate accidentally dropped patch for weak ciphersuites
@ 2026-06-09 12:44 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 33bd389ea82fcbbb132afa1ac20efe99835e92ec
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2018-09-17T12:56:19+02:00
Stats : +61/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/33bd389ea82fcbbb132afa1ac20efe99835e92ec?branch=rebase_40beta
Log:
reinstate accidentally dropped patch for weak ciphersuites
---
diff --git a/openssl-1.1.1-weak-ciphers.patch b/openssl-1.1.1-weak-ciphers.patch
index e69de29..0083643 100644
--- a/openssl-1.1.1-weak-ciphers.patch
+++ b/openssl-1.1.1-weak-ciphers.patch
@@ -0,0 +1,57 @@
+diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
+--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
++++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
+@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ SSL_GOST89MAC,
+ TLS1_VERSION, TLS1_2_VERSION,
+ 0, 0,
+- SSL_HIGH,
++ SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ SSL_GOST89MAC12,
+ TLS1_VERSION, TLS1_2_VERSION,
+ 0, 0,
+- SSL_HIGH,
++ SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ },
+ #endif /* OPENSSL_NO_SEED */
+
+-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
++#if 0 /* No MD5 ciphersuites */
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_MD5,
+@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_SHA,
+@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
++#if 0
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_128_MD5,
+@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
diff --git a/openssl.spec b/openssl.spec
index 3a25df1..74f0d49 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -449,6 +449,9 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
+* Mon Sep 17 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-3
+- reinstate accidentally dropped patch for weak ciphersuites
+
* Fri Sep 14 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-2
- for consistent support of security policies we build
RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: reinstate accidentally dropped patch for weak ciphersuites Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox