From 589eabc0cb064fa356600c47bc3e91aa33a903dc Mon Sep 17 00:00:00 2001
From: Ralph Dolmans
Date: Thu, 3 Nov 2016 16:59:00 +0000
Subject: [PATCH] Set openssl security level to 0 when using aNULL ciphers

git-svn-id: file:///svn/unbound/trunk@3919 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/remote.c | 3 +++
 doc/Changelog | 3 +++
 smallapp/unbound-control.c | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/daemon/remote.c b/daemon/remote.c
index 2058caeb4..fa945439c 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -243,6 +243,9 @@ daemon_remote_create(struct config_file* cfg)
 if (cfg->remote_control_use_cert == 0) {
 /* No certificates are requested */
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+ SSL_CTX_set_security_level(rc->ctx, 0);
+ #endif
 if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
 log_crypto_err("Failed to set aNULL cipher list");
 daemon_remote_delete(rc);
diff --git a/doc/Changelog b/doc/Changelog
index d4088b259..36017abe8 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+3 November 2016: Ralph
+ - Set OpenSSL security level to 0 when using aNULL ciphers.
+
 3 November 2016: Wouter
 - .gitattributes line for githubs code language display.
 - log-identity: config option to set sys log identity, patch from
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 19268edab..79b3ae5fa 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -176,6 +176,9 @@ setup_ctx(struct config_file* cfg)
 free(c_cert);
 } else {
 /* Use ciphers that don't require authentication */
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+ SSL_CTX_set_security_level(ctx, 0);
+ #endif
 if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
 ssl_err("Error setting NULL cipher!");
 }
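Review bot: `SSL_CTX_set_security_level(rc->ctx, 0)` in the no-certificate branch lifts every minimum the library enforces for this context, not only the rule that rejects unauthenticated suites, and the cipher string `"aNULL"` on the following line does nothing to narrow that again. Depending on the OpenSSL build, that string can also match anonymous suites that provide no encryption, so I would tighten it to `"aNULL:!eNULL"` (assuming deployed unbound-control builds negotiate an encrypted anonymous suite). The same pair of lines appears in setup_ctx in smallapp/unbound-control.c and should change together with this one. Whether this listener is limited to loopback or a local socket is not visible here; daemon_remote_create starts and ends outside the hunk.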
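Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)` in setup_ctx infers the presence of SSL_CTX_set_security_level() from a version number plus a library exclusion, which has to be revisited whenever a library release gains or lacks the function. A configure-time check for the function itself would be sturdier, and the identical guard in daemon/remote.c would follow it. The added lines also carry no comment saying why the level is lowered; something like `/* OpenSSL 1.1.0 rejects anonymous suites above security level 0 */` would keep a later reader from removing the call or copying it into an authenticated path. setup_ctx begins before the hunk.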