DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Add build option to select default ciphers

Browse source 
Add a build option to select different default ciphers for OpenSSL
instead of the hardcoded default "DEFAULT:!EXP:!LOW".

This new option is useful on distributions where the security level
should be consistent for all applications, as in Fedora [1]. In such
cases the new configuration option would be set to "" or
"PROFILE=SYSTEM" to select the global crypto policy by default.

[1] https://fedoraproject.org/wiki/Changes/CryptoPolicy

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
This commit is contained in:
Beniamino Galvani 2017-07-09 11:06:50 +02:00 committed by Jouni Malinen
parent 65833d71a5
commit 2b9891bd6e
10 changed files with 33 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/crypto/tls_openssl.c
View file

@ -1025,7 +1025,7 @@ void * tls_init(const struct tls_config *conf)
if (conf && conf->openssl_ciphers)
ciphers = conf->openssl_ciphers;
else
ciphers = "DEFAULT:!EXP:!LOW";
ciphers = TLS_DEFAULT_CIPHERS;
if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
wpa_printf(MSG_ERROR,
"OpenSSL: Failed to set cipher string '%s'",