rpms / httpd

Clone
Source Code
GIT

Files

  1.   91a2788bcecc45df329bd121a15ea7ec86285d82
  2.   httpd-2.4.17-sslciphdefault.patch
Blob Blame History Raw 

https://bugzilla.redhat.com/show_bug.cgi?id=1109119

Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.

--- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault
+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c
@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
 
-    /* always disable null and export ciphers */
-    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
+    /* Disable null and export ciphers by default, except for PROFILE=
+     * configs where the parser doesn't cope. */
+    if (strncmp(arg, "PROFILE=", 8) != 0)
+        arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
 
     if (cmd->path) {
         dc->szCipherSuite = arg;
@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
-    /* always disable null and export ciphers */
-    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
+    /* Disable null and export ciphers by default, except for PROFILE=
+     * configs where the parser doesn't cope. */
+    if (strncmp(arg, "PROFILE=", 8) != 0)
+        arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
 
     sc->proxy->auth.cipher_suite = arg;
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.