Set openssl security level to 0 when using aNULL ciphers

git-svn-id: file:///svn/unbound/trunk@3919 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2016-11-03 16:59:00 +00:00 · 2016-11-03 16:59:00 +00:00 · 589eabc0cb
commit 589eabc0cb
parent c22f958152
3 changed files with 9 additions and 0 deletions
--- a/daemon/remote.c
+++ b/daemon/remote.c
@ -243,6 +243,9 @@ daemon_remote_create(struct config_file* cfg)

 	if (cfg->remote_control_use_cert == 0) {
 		/* No certificates are requested */
+		#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+			SSL_CTX_set_security_level(rc->ctx, 0);
+		#endif
 		if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
 			log_crypto_err("Failed to set aNULL cipher list");
 			daemon_remote_delete(rc);
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,6 @@
+3 November 2016: Ralph
+	- Set OpenSSL security level to 0 when using aNULL ciphers.
+
 3 November 2016: Wouter
 	- .gitattributes line for githubs code language display.
 	- log-identity: config option to set sys log identity, patch from
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@ -176,6 +176,9 @@ setup_ctx(struct config_file* cfg)
 		free(c_cert);
 	} else {
 		/* Use ciphers that don't require authentication  */
+		#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+			SSL_CTX_set_security_level(ctx, 0);
+		#endif
 		if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
 			ssl_err("Error setting NULL cipher!");
 	}