| Message ID | 20180401013729.5079-2-rosenp@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | John Crispin |
| Headers | show
Return-Path: <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ETohcHsl"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="CIA/ueCo"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40DJ042w8Nz9sXG for <incoming@patchwork.ozlabs.org>; Sun, 1 Apr 2018 11:38:10 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=MnH/pJq9ew5xFCoroWuPD0Blt/7IFBE7ccC8ospUFs0=; b=ETohcHslBDcmrt sfLkip5RF6mvEVkBEf4ylk+H+TurnSdNZML4+Q7ptkXwBcGipVD9jTA07DsqD5ydHl4KsCsqh59BQ TtQPgRczDvgrXZwrfT8oLK/lG7+CnAoBOLaA+JnLqIA593RfK7p/TY8Oml0ndxPo3BddtVSAMiif1 C0dS5Vhl5Wt4wmil5v2R3rh71Ee9G36+01YYIv/S9cBwsKaNMPiGpQDm8S9dJ+IV8eIED96DtrODs wxxp4V8lMD7qANGyyRt911rK4jli0OJlNsbZbs90FCQw5UJOi8M1SRn4hFEclMP1BjDhmp0kiFsvg FABa+ZvvfSLupWpnL5zw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1f2RwW-0006Zg-0v; Sun, 01 Apr 2018 01:38:00 +0000 Received: from mail-pf0-x243.google.com ([2607:f8b0:400e:c00::243]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1f2RwI-0006Ph-9V for lede-dev@lists.infradead.org; Sun, 01 Apr 2018 01:37:47 +0000 Received: by mail-pf0-x243.google.com with SMTP id h69so7654267pfe.13 for <lede-dev@lists.infradead.org>; Sat, 31 Mar 2018 18:37:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IK5XErpILiP1UdZTenij/F38+/wRZmdyzTcP8268UOI=; b=CIA/ueCoXy3xxulLRKk6/w5B7sviKos8A3STejIHOSwk/7fLfT86oH+O3lpmzerYqU PK2Z6I07BaVzqWmOfQI6P5FZX30bUDRNgXyBi1gpUjFSToXwVDOQM5jIFoR7y0Gr2Bru DL96egk5XZrdXICaIRG8qV7fIz39Zu2Ht4kNZQG49wCOA1rAO4UuExuQHbVsvzlXMURc wXV0WXyBqazpnTQG+JMYvWwxl9RdVWZ0Q0Yhjiaq3NIbIpbKMljS5Iq65h/lrJ6xTakm se4bYpgTbhSEIA38zsI6eYKNpPvJnZnDgveE4IrlXhWgg3JL7XFB2vBsEyOTc1F8iZZb T4Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IK5XErpILiP1UdZTenij/F38+/wRZmdyzTcP8268UOI=; b=t+VgS4jW31R4n1vKr5xg2c/c9tAE7Wdifq3wGJBvUwhVjgFSdDCernn4jQ/n+2JI90 gVVKvP+Ame+6kEDF7IpQK8d76qbFVRLIRA7zv2GiXWm25Hsnq53ED8bBBlYzbPtESjUq Zfg4wr2ed+ufndQ6El+Xjuc02lwC9tX4mK5jY5j5XT/cA2YLmtA6M3XuZeZEZgIKIyi1 baNLFc3r1JvYv+HhLMRDhUL12I4U+Nk7YQqkKuzN4s5V1PDd0GsUztoOUUaeUmxkkhoT Z+xGJrXF0lQNBPzl9zVNml2NhygjlebQ5n1wdj30uZUlRjzjv8yVH3BzT66RM8Cyy7g/ baZw== X-Gm-Message-State: AElRT7EnL4o+NyvGIgRz4WMEG0uGD5q3DHxbs88BpSqTmMLQooYAg1pE sfVuGoHHPqZqi22NPoojQjtoNKhX X-Google-Smtp-Source: AIpwx48gfGBGvUX6hsYQRAorRZideb/KaR+bgrhStpr8H6Xku/t5EDxSM3xsc8W0FlCFVmu3yhQVaw== X-Received: by 10.98.80.145 with SMTP id g17mr3458399pfj.71.1522546655259; Sat, 31 Mar 2018 18:37:35 -0700 (PDT) Received: from desktop.lan (astound-69-42-5-101.ca.astound.net. [69.42.5.101]) by smtp.gmail.com with ESMTPSA id z28sm20129871pgc.15.2018.03.31.18.37.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 31 Mar 2018 18:37:34 -0700 (PDT) From: Rosen Penev <rosenp@gmail.com> To: lede-dev@lists.infradead.org Date: Sat, 31 Mar 2018 18:37:29 -0700 Message-Id: <20180401013729.5079-2-rosenp@gmail.com> X-Mailer: git-send-email 2.16.3 In-Reply-To: <20180401013729.5079-1-rosenp@gmail.com> References: <20180401013729.5079-1-rosenp@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180331_183746_327958_DE8E560B X-CRM114-Status: GOOD ( 10.56 ) X-Spam-Score: -0.1 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [2607:f8b0:400e:c00:0:0:0:243 listed in] [list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (rosenp[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Subject: [LEDE-DEV] [PATCH 2/2] ustream-ssl: Remove RC4 from ciphersuite in server mode. X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: <lede-dev.lists.infradead.org> List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>, <mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe> List-Archive: <http://lists.infradead.org/pipermail/lede-dev/> List-Post: <mailto:lede-dev@lists.infradead.org> List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help> List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>, <mailto:lede-dev-request@lists.infradead.org?subject=subscribe> Cc: Rosen Penev <rosenp@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org> Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org |
| Series |
None
|
expand
|
diff --git a/ustream-openssl.c b/ustream-openssl.c index 2faa855..eb03dab 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server) #ifndef OPENSSL_NO_ECDH SSL_CTX_set_ecdh_auto(c, 1); #endif + if (server) + SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c;
SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B. Signed-off-by: Rosen Penev <rosenp@gmail.com> --- ustream-openssl.c | 2 ++ 1 file changed, 2 insertions(+)