Set openssl security level to 0 when using aNULL ciphers

git-svn-id: file:///svn/unbound/trunk@3919 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/remote.c

@@ -243,6 +243,9 @@ daemon_remote_create(struct config_file* cfg)
 
 	if (cfg->remote_control_use_cert == 0) {
 		/* No certificates are requested */
+		#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+			SSL_CTX_set_security_level(rc->ctx, 0);
+		#endif
 		if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
 			log_crypto_err("Failed to set aNULL cipher list");
 			daemon_remote_delete(rc);

doc/Changelog

@@ -1,3 +1,6 @@
+3 November 2016: Ralph
+	- Set OpenSSL security level to 0 when using aNULL ciphers.
+
 3 November 2016: Wouter
 	- .gitattributes line for githubs code language display.
 	- log-identity: config option to set sys log identity, patch from

smallapp/unbound-control.c

@@ -176,6 +176,9 @@ setup_ctx(struct config_file* cfg)
 		free(c_cert);
 	} else {
 		/* Use ciphers that don't require authentication  */
+		#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+			SSL_CTX_set_security_level(ctx, 0);
+		#endif
 		if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
 			ssl_err("Error setting NULL cipher!");
 	}