|
 |
4475e3e |
|
|
|
4475e3e |
https://bugzilla.redhat.com/show_bug.cgi?id=1109119
|
|
|
4475e3e |
|
|
|
4475e3e |
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
|
|
|
4475e3e |
|
|
|
91a2788 |
--- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault
|
|
|
91a2788 |
+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c
|
|
|
91a2788 |
@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
|
|
|
4475e3e |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
|
|
4475e3e |
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
|
|
|
4475e3e |
|
|
|
4475e3e |
- /* always disable null and export ciphers */
|
|
|
91a2788 |
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
4475e3e |
+ /* Disable null and export ciphers by default, except for PROFILE=
|
|
|
4475e3e |
+ * configs where the parser doesn't cope. */
|
|
|
4475e3e |
+ if (strncmp(arg, "PROFILE=", 8) != 0)
|
|
|
91a2788 |
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
4475e3e |
|
|
|
4475e3e |
if (cmd->path) {
|
|
|
4475e3e |
dc->szCipherSuite = arg;
|
|
|
91a2788 |
@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
|
|
|
91a2788 |
{
|
|
|
91a2788 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
|
|
91a2788 |
|
|
|
91a2788 |
- /* always disable null and export ciphers */
|
|
|
91a2788 |
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
91a2788 |
+ /* Disable null and export ciphers by default, except for PROFILE=
|
|
|
91a2788 |
+ * configs where the parser doesn't cope. */
|
|
|
91a2788 |
+ if (strncmp(arg, "PROFILE=", 8) != 0)
|
|
|
91a2788 |
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
|
|
91a2788 |
|
|
|
91a2788 |
sc->proxy->auth.cipher_suite = arg;
|
|
|
91a2788 |
|