Module Name: src
Committed By: mrg
Date: Tue Aug 24 09:53:26 UTC 2021
Modified Files:
src/libexec/httpd: CHANGES ssl-bozo.c
Log Message:
extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables. retain the current
list of bad options. should deal with PR#51278.
To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/ssl-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.50 src/libexec/httpd/CHANGES:1.51
--- src/libexec/httpd/CHANGES:1.50 Tue Aug 24 09:47:36 2021
+++ src/libexec/httpd/CHANGES Tue Aug 24 09:53:26 2021
@@ -1,8 +1,11 @@
-$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $
+$NetBSD: CHANGES,v 1.51 2021/08/24 09:53:26 mrg Exp $
changes in bozohttpd 20210824:
o new "-m tlsversion" option to set the minimum TLS version
available. partially from <[email protected]>.
+ o extend the list of available ciphers to include most of the
+ openssl "HIGH" with some additional disables. retain the current
+ list of bad options. should deal with PR#51278.
changes in bozohttpd 20210504:
o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to
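Review bot: The new CHANGES entry says "some additional disables" without naming them, so someone reading the release notes cannot tell which suites are now offered and which are not. Consider naming the families removed in ssl-bozo.c (the -SHA and -ADH suites, the CCM and CCM8 suites, CAMELLIA, the PSK variants) and mentioning that the default list is wrapped in #ifndef BOZO_SSL_CIPHERS and can still be replaced at build time.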
Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.30 src/libexec/httpd/ssl-bozo.c:1.31
--- src/libexec/httpd/ssl-bozo.c:1.30 Tue Aug 24 09:47:36 2021
+++ src/libexec/httpd/ssl-bozo.c Tue Aug 24 09:53:26 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: ssl-bozo.c,v 1.30 2021/08/24 09:47:36 mrg Exp $ */
+/* $NetBSD: ssl-bozo.c,v 1.31 2021/08/24 09:53:26 mrg Exp $ */
/* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */
@@ -51,10 +51,15 @@
#ifndef BOZO_SSL_CIPHERS
#define BOZO_SSL_CIPHERS \
- "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \
- "AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:" \
- "AES:" \
- "-SHA:" \
+ "HIGH:" \
+ "-SHA:-ADH:" \
+ "-PSK-AES128-CCM:-PSK-AES256-CCM:" \
+ "-DHE-PSK-AES128-CCM8:-DHE-PSK-AES256-CCM8:" \
+ "-AES128-CCM8:-AES256-CCM8:" \
+ "-DHE-RSA-AES128-CCM8:-DHE-RSA-AES256-CCM8:" \
+ "-PSK-AES128-CCM8:-PSK-AES256-CCM8:" \
+ "-CAMELLIA128:-CAMELLIA256:" \
+ "-RSA-PSK-CHACHA20-POLY1305:" \
"!aNULL:!eNULL:" \
"!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \
"!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:" \